WO2023066374A1 - Privacy protection based image processing method, identity registration method, and identity authentication method - Google Patents


Publication number
WO2023066374A1
Authority
WO
WIPO (PCT)
Prior art keywords
authenticated
key
auxiliary data
biometric
feature
Application number
PCT/CN2022/126690
Inventor
汤林鹏
邰骋
张舒畅
张青笛
王心安
刘勤
张之蔚
Original Assignee
墨奇科技(北京)有限公司
Priority claimed from CN202111228163.1A (CN114117383A)
Priority claimed from CN202111229310.7A (CN116010917A)
Application filed by 墨奇科技(北京)有限公司
Publication of WO2023066374A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • Embodiments of the present disclosure relate to a privacy-protected image processing method, an identity registration method, and an identity authentication method.
  • Biometrics are an important means of modern identity management and access control systems. Due to the strong and permanent link between an individual and their biometrics, exposing a registered user's biometrics to an attacker could seriously compromise user privacy. Currently, few biometric methods are capable of guaranteeing the irreversibility, revocability, and unlinkability required by biometric systems without significantly degrading recognition performance.
  • The purpose of the embodiments of the present disclosure is to provide a privacy-protected image processing method, identity registration method, and identity authentication method that improve the irreversibility of the biometric identification method and ensure revocability and unlinkability, thereby protecting user privacy.
  • an embodiment of the present disclosure provides a privacy-protected image processing method, including:
  • the image to be processed includes a first biological feature area, and the first biological feature area includes a plurality of first feature points;
  • according to the first biometric area, determine a first biometric template of the first biometric area, where the first biometric template includes biometric representations corresponding to a plurality of first feature points;
  • Perform encoding operation on the first biometric template to obtain the first auxiliary data including the following items:
  • the encoding operation includes an irreversible transformation.
  • an identity registration method including:
  • the first auxiliary data in the registration information of the object to be registered is determined through the above privacy-protected image processing method.
  • an embodiment of the present disclosure provides an identity authentication method, including:
  • the image to be authenticated includes a second biometric feature area, and the second biometric feature area includes a plurality of second feature points;
  • according to the second biometric area, determine the biometric template to be authenticated of the second biometric area;
  • the identity authentication result of the object to be authenticated is determined according to the biometric template to be authenticated and the auxiliary data of the bottom database;
  • the bottom database auxiliary data includes at least one first auxiliary data; the first auxiliary data is determined through the above-mentioned identity registration method.
  • an identity registration method including:
  • the registration information is determined through the above-mentioned identity registration method
  • the embodiment of the present disclosure provides an identity authentication method, including:
  • An authentication request sent by the terminal device is received; according to the authentication request, the bottom database auxiliary data is determined from the registration information stored in the database through the above identity registration method; wherein the bottom database auxiliary data includes at least one first auxiliary data.
  • an embodiment of the present disclosure provides a method for using a key, including:
  • identity authentication is performed on the object to be authenticated; if the identity authentication of the object to be authenticated is successful, one or more of digital signature, message encryption, message decryption, application login, and digital wallet management is performed using the verified key determined by the identity authentication method of the third aspect;
  • the key that passes the verification includes the key to be authenticated that passes the verification, the multi-factor key to be authenticated that passes the verification, or the key to be authenticated used to generate the multi-factor key to be authenticated that passes the verification.
  • the embodiment of the present disclosure provides a digital signature method, including:
  • the registration information is determined; wherein, the registration information includes the first auxiliary data; the key corresponding to the first auxiliary data is the first private key; the first private key corresponds to the first public key; the first private key and the first public key are generated in a trusted execution environment;
  • the first public key is sent to the sign verifier, so that the sign verifier uses the first public key to verify the digital signature generated using the first private key.
  • an embodiment of the present disclosure provides a digital signature method, including:
  • if the identity authentication of the object to be authenticated is successful, the verified first key to be authenticated determined by the identity authentication method of the third aspect is used to sign the information to be signed, obtaining signed data with a digital signature;
  • an embodiment of the present disclosure provides a method for decrypting a message, including:
  • the registration information is determined; wherein, the registration information includes the first auxiliary data; the key corresponding to the first auxiliary data is the second private key; the second private key corresponds to the second public key; the second private key and the second public key are generated in a trusted execution environment;
  • an embodiment of the present disclosure provides a method for decrypting a message, including:
  • the second authentication key determined by the identity authentication method in the third aspect is used to decrypt the data to be decrypted to obtain the decrypted data;
  • the public key corresponding to the second key to be authenticated is sent to the message encryption party through the above method, and the data to be decrypted is encrypted with the public key corresponding to the second key to be authenticated.
  • an application login method including:
  • the verified third key to be authenticated determined by the identity authentication method of the third aspect is sent to the application server to log in to the target application program; or the verified third key to be authenticated determined by the above-mentioned identity authentication method and the user ID are sent to the application server to log in to the target application program.
  • the embodiment of the present disclosure provides a blockchain node information synchronization method, which is applied to the current blockchain node on the blockchain, and the blockchain includes multiple blockchain nodes, including:
  • the registration information is determined, and the registration information includes the first auxiliary data; the key corresponding to the first auxiliary data is the third private key; the third private key corresponds to the third public key; the third private key and the third public key are generated in a trusted execution environment;
  • an embodiment of the present disclosure provides a privacy-protected image processing device, including:
  • the first acquisition module is configured to acquire an image to be processed, the image to be processed includes a first biometric feature area, and the first biometric feature area includes a plurality of first feature points;
  • the first determining module is configured to determine a first biometric template of the first biometric region according to the first biometric region, where the first biometric template includes biometric representations corresponding to a plurality of first feature points;
  • An encoding module configured to perform an encoding operation on the first biometric template to obtain first auxiliary data
  • Encoding modules are implemented in any of the following ways:
  • the encoding operation includes an irreversible transformation.
  • an identity registration device including:
  • the second determination module is configured to determine the first auxiliary data in the registration information of the object to be registered through the method of the first aspect.
  • an identity authentication device including:
  • the second acquisition module is configured to acquire an image to be authenticated of the object to be authenticated, the image to be authenticated includes a second biometric feature area, and the second biometric feature area includes a plurality of second feature points;
  • the third determining module is used to determine the biometric template to be authenticated in the second biometric region according to the second biometric region, and the biometric template to be authenticated includes a plurality of biometric data corresponding to a plurality of second characteristic points;
  • the fourth determining module is used to determine the identity authentication result of the object to be authenticated according to the biometric template to be authenticated and the auxiliary data of the bottom database;
  • the base library auxiliary data includes at least one first auxiliary data; the first auxiliary data is included in the registration information, and the registration information is determined through the registration method of the second aspect.
  • an identity registration device including:
  • the first receiving module is configured to receive registration information sent by the terminal device, where the registration information is determined through the identity registration method provided by the second aspect;
  • the second storage module is used to store the registration information in the database, and the registration information includes the first auxiliary data.
  • an identity authentication device including:
  • the second receiving module is configured to receive the authentication request sent by the terminal device
  • the bottom database auxiliary data determination module is used to determine, according to the authentication request, the bottom database auxiliary data from the registration information stored in the database through the identity registration method provided by the fourth aspect; wherein the bottom database auxiliary data includes at least one first auxiliary data.
  • an embodiment of the present disclosure further provides an electronic device, including: a processor and a memory, where the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the machine-readable instructions are executed by the processor to perform the steps of the above-mentioned method.
  • the embodiments of the present disclosure further provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the above method are executed.
  • The privacy-protected image processing method, registration method, and identity authentication method, device, electronic device, and computer-readable storage medium perform irreversible encoding operations on biometric templates that reflect user privacy. Even if the result of the encoding operation is leaked, the original biometric template cannot be derived from it, which greatly reduces the risk of privacy leakage. At the same time, either the decoding operation corresponding to the encoding operation or the matcher used in the authentication stage is fault-tolerant, so authentication can be based on a biometric template that is sufficiently similar, but not identical, to the one captured at enrollment. Therefore, the method in the embodiment of the present invention is suitable for biometric identification and can protect privacy.
  • FIG. 1 is a schematic diagram of an operating environment provided by at least one embodiment of the present disclosure
  • FIG. 2 is a schematic block diagram of an electronic device provided by at least one embodiment of the present disclosure
  • Fig. 3 is a flowchart of a privacy-protected image processing method provided by at least one embodiment of the present disclosure
  • Fig. 4 is an interaction sequence diagram of an identity registration method provided by at least one embodiment of the present disclosure.
  • Fig. 5 is an interaction sequence diagram of an identity authentication method provided by at least one embodiment of the present disclosure.
  • Fig. 6 is an interaction sequence diagram of another identity authentication method provided by at least one embodiment of the present disclosure.
  • the inventor of the present application provides a privacy-protected image processing method, identity registration method, and identity authentication method.
  • the data obtained after encoding the biometric template satisfies the following attributes:
  • Irreversibility: biometric data should be processed through irreversible transformations before storage. It should be difficult to recover the original biometric from the result of the irreversible transformation alone. This property prevents misuse of stored biometric data to launch spoofing or replay attacks, increasing the security of biometric systems. The more difficult it is to recover the original biometric from the irreversible transformation result, the higher the security of the biometric system.
  • Revocability: this property makes it possible to revoke protected biometric references and reissue new instances of them when the biometric database is compromised.
  • Non-linkability: this property means it is computationally difficult to determine whether two or more protected biometric reference instances originate from the same biometric of a user. Non-linkability prevents cross-matching across different applications, protecting user privacy.
  • the registration method and the authentication method provided by the embodiments of the present disclosure may be implemented independently by the terminal device or the server, or may be jointly implemented by the terminal device and the server. When the two are implemented together, the server and the terminal device need to interact.
  • FIG. 1 is a schematic diagram of interaction between a server and a terminal device provided by an embodiment of the present disclosure.
  • the server 110 communicates with one or more first terminal devices 120 through a network for data communication or interaction.
  • the server 110 may be a web server, a database server, or the like.
  • the first terminal device 120 may be a personal computer (personal computer, PC), a tablet computer, a smart phone, a personal digital assistant (personal digital assistant, PDA), a punch card machine, a payment device, and the like.
  • the first terminal device 120 may determine the registration information based on the acquired image, and send the registration information to the server 110 for registration.
  • the server 110 may also communicate with one or more second terminal devices 130 for data communication or interaction.
  • the second terminal device 130 may perform identity authentication on the object contained in the image based on the acquired image.
  • identity registration and identity authentication may be implemented in the same terminal device.
  • the first terminal device 120 and the second terminal device 130 may be the same terminal device.
  • the first terminal device 120 may be a card punching device, an access control device, a payment device, a personal mobile device, and the like.
  • identity registration and identity authentication may be implemented in different terminal devices.
  • the first terminal device 120 and the second terminal device 130 may be different terminal devices.
  • the first terminal device 120 may be a personal mobile device
  • the second terminal device 130 may be a face recognition device in a subway.
  • the electronic device 300 may include a memory 311 , a storage controller 312 , a processor 313 , a peripheral interface 314 , an input and output unit 315 , and a display unit 316 .
  • the memory 311 , storage controller 312 , processor 313 , peripheral interface 314 , input/output unit 315 and display unit 316 are electrically connected to each other directly or indirectly to realize data transmission or interaction.
  • these components can be electrically connected to each other through one or more communication buses or signal lines.
  • the aforementioned processor 313 is used to execute the executable modules stored in the memory.
  • the memory 311 can be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), etc.
  • the above-mentioned processor 313 may be an integrated circuit chip with signal processing capabilities.
  • the above-mentioned processor 313 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • peripheral interface 314 couples various input/output devices to the processor 313 and the memory 311 .
  • peripheral interface 314, processor 313, and memory controller 312 may be implemented in a single chip. In some other instances, they can be implemented by independent chips respectively.
  • the aforementioned input and output unit 315 is used for the user to input data.
  • the input and output unit 315 may be, but not limited to, a mouse and a keyboard.
  • the above-mentioned display unit 316 provides an interactive interface (such as a user operation interface) between the electronic device 300 and the user or is used to display image data for the user's reference.
  • the display unit may be a liquid crystal display or a touch display. If it is a touch display, it can be a capacitive touch screen or a resistive touch screen supporting single-point and multi-touch operations. Supporting single-point and multi-touch operations means that the touch display can sense simultaneous touch operations from one or more positions on the touch display, and hand over the sensed touch operations to the processor for calculation and processing.
  • the electronic device 300 may be the server shown in FIG. 1 , or the terminal device shown in FIG. 1 .
  • the structure shown in FIG. 2 is only a schematic diagram, and it does not limit the structure of the electronic device 300.
  • the servers and terminal devices in FIG. 1 may also have more or fewer components than the electronic device 300 shown in FIG. 2, or a different configuration than that shown in FIG. 2.
  • the first terminal device and the second terminal device shown in FIG. 1 may further include a collection device for collecting image or audio data.
  • the server shown in FIG. 1 may not include the display unit shown in FIG. 2 .
  • the electronic device 300 in this embodiment may be used to execute various steps in various methods provided in the embodiments of the present disclosure.
  • the implementation process of each method is described in detail below through several embodiments.
  • FIG. 3 is a flowchart of a privacy-protected image processing method 400 provided by an embodiment of the present disclosure. The specific flow of the privacy-protected image processing method 400 will be described in detail below.
  • Step 410 acquire the image to be processed.
  • the image to be processed includes a first biometric feature area, and the first biometric feature area includes a plurality of first feature points.
  • the first biological characteristic area in the image to be processed may be a fingerprint area, a palmprint area, a finger vein area, a palm vein area, a face area, an iris area, and the like.
  • the first feature point is a point in the first biometric region that can characterize biological characteristics, such as a key point of a human face, or a minutia of a finger or palm print or of a finger or palm vein.
  • the first feature point may be a key point in the first biometric region representing the tip of the nose, the end of the eye, and the center of the eyebrow.
  • the first feature point may be a minutiae point representing a bifurcation point, an end point, and the like of a texture in the first biometric area.
  • the image to be processed can be obtained through contact or non-contact acquisition.
  • the non-contact acquisition manner may be to obtain images to be processed by taking pictures.
  • the image obtained by collecting the same biological feature multiple times can also be fused to form the image to be processed.
  • the image to be processed is collected by non-contact acquisition, and the biometrics contained in the first biometric region may be at least one of fingerprints, palm prints, finger veins, and palm veins.
  • the number of feature points included in the first biological feature area is greater than 300.
  • FAR: False Acceptance Rate
  • Faces are not as unique as fingerprints/palmprints, and today's best facial recognition systems achieve a FAR of no less than 1 in a million.
  • Finger and palm prints and finger and palm veins have a lower FAR than faces.
  • On the one hand, fingerprints are more unique than faces: it is estimated that a fingerprint with 36 minutiae can have a discrimination degree as high as 1.95 × 10^36.
  • On the other hand, the relative positions of facial features such as eyes and nose are limited rather than disordered. Compared with finger and palm prints and finger and palm veins, faces have lower information entropy and contain less information.
  • Biometric areas containing more than 300 feature points can be collected at one time. This many feature points makes it possible to collect information with sufficient discrimination and enough information for encoding from a single image, without aligning and fusing multiple images, so that the security level of the biometric identification algorithm can be raised to a very high standard.
  • Step 420 Determine a first biometric template of the first biometric region according to the first biometric region.
  • the first biological feature template includes multiple biological feature representations corresponding to the first feature points.
  • the biometric template is obtained by performing feature extraction on the biometric region, where the feature extraction is a reversible transformation.
  • the biometric template may be presented in the form of a vector or a data set.
  • a biometric template includes multiple biometric representations corresponding to multiple feature points one-to-one, and each biometric representation is the local information of its corresponding feature point, so that the biometric template includes a sufficiently high degree of discrimination.
  • the biometric template includes multiple biometric representations corresponding to multiple feature points one by one, and the biometric representation corresponding to each feature point includes information describing the feature point, such as the position of the feature point, its angle, and its relative position and relative angle with respect to other feature points.
  • biometric template needs to have a high enough discrimination to ensure that the FAR is within an acceptable range, and the specific discrimination requirements can be determined according to the size of the base library for biometric identification. It is understandable that the larger the size of the base library, the higher the discrimination of the biometric template is required.
  • Step 430 performing an encoding operation on the first biometric template to obtain first auxiliary data.
  • the encoding operations used in the above step 430 include irreversible transformations. It can be understood that the encoding operation includes irreversible transformation means that at least one of the steps involved in the encoding operation is an irreversible transformation, making it difficult to determine the biometric template through inverse transformation only based on the first auxiliary data obtained by the encoding operation. In this way, privacy protection can be realized.
  • The natural fuzziness of biometric features requires either the decoding operation used in authentication (in which case the encoding operation uses an error correction code such as BCH or RS, and the decoding operation decodes the error correction code with the corresponding method) or the matcher to be fault tolerant, so that authentication can be based on a biometric template that is sufficiently similar to, but not identical to, the one used at enrollment.
  • step 430 may be implemented as:
  • the key corresponding to the first auxiliary data is not required to be obtained after the first auxiliary data exists; if a key is used to generate the first auxiliary data, it is called the key corresponding to the first auxiliary data.
  • the key corresponding to the first auxiliary data may be input by the user to be registered corresponding to the image to be processed or generated according to the input of the user to be registered.
  • the key corresponding to the first auxiliary data is generated by performing one or more processes of format conversion, digit padding, and verification information addition on the input of the user to be registered.
  • F is the feature conversion function
  • k is the key corresponding to the first auxiliary data
  • k' is the key obtained in the authentication phase
  • X and X' are the biometric templates to be authenticated in the registration phase and the authentication phase, respectively
  • H and H' are the auxiliary data for the registration phase and the authentication phase, respectively. If X and X' are close enough and k' = k, then H and H' are close enough.
  • the matcher judges whether H and H' are close enough, and the matcher has fault tolerance.
  • Specific examples of the first optional implementation manner may be Biohashing and Robusthashing.
  • step 430 may be implemented as:
  • biometric representation included in the biometric template is discretized at a relatively high resolution, and the biometric representation needs to be further discretized, that is, quantized, before the encoding operation.
  • Quantizing according to the first biological feature template can be understood as quantizing the biological feature representation corresponding to the first feature point into the grid space.
  • biological features are expressed as the position and angle of feature points <i, j, θ>, where the value ranges of i, j, θ are 1-32, 1-16, 1-8, and the values of i, j, θ can be integers or decimals.
  • the quantized i, j, and θ take integer values from 1-32, 1-16, and 1-8.
  • the size of the grid space is 32*16*8, and the resolution of the grid space is 1.
  • Quantizing according to the first biometric template may comprise individually rounding and/or operating on elements of the biometric representation contained in the first biometric template, and/or rounding/operating between elements.
  • the quantization includes rounding each element separately; for example, the biometric representation <3.5, 5.1, 60.5> corresponds to a quantized value of <4 (rounded), 5 (rounded), 2 (rounded after 60.5/360)>.
  • the quantization includes rounding each element separately and splicing the results into a multi-digit number; for example, the quantized value corresponding to <3.5, 5.1, 60.5> is 452 (rounded to <4, 5, 2> and then spliced into a multi-digit number).
  • the key corresponding to the first auxiliary data may be input by the user or generated by the system, where the generation by the system includes random generation or generation according to user input.
  • the key corresponding to the first auxiliary data has k dimensions.
  • the key corresponding to the first auxiliary data is generated by performing one or more processes of format conversion, digit padding, and verification information addition on user input.
  • Determining the error-correcting code word according to the key corresponding to the first auxiliary data may be to determine the error-correcting code word from the n-dimensional finite field according to the key corresponding to the first auxiliary data, where the error-correcting code word is n-dimensional (n > k), making the decoding algorithm corresponding to the encoding algorithm error-tolerant. The larger n is relative to k, the stronger the error tolerance and the greater the amount of computation required for the encoding operation.
  • Step S110 may include determining an error correction code word according to a key corresponding to the first auxiliary data, or determining an error correction code word according to a key and a quantization value corresponding to the first auxiliary data.
  • the error correction code word can be determined by BCH or other error correction code encoding.
  • a k-dimensional key may be converted into an n-dimensional vector using a k*n encoding matrix.
  • the error correction code word may be determined through RS error correction coding.
  • Step S120 may include: performing, on the error correction code word, a first conversion process that is independent of the quantization value; or performing the first conversion process on the error correction code word according to the quantization value. Either way the first auxiliary data is obtained, thereby protecting the error correction code word.
  • the first conversion process of S120 needs to be related to the quantization value, so that the error correction code word, that is, the key corresponding to the first auxiliary data, is bound to the quantized value, that is, the biometric template, thereby protecting both the key corresponding to the first auxiliary data and the quantized value (the biometric template).
  • the first conversion process in S120 may or may not be related to the quantization value: because S110 has already bound the key corresponding to the first auxiliary data to the quantized value, the key corresponding to the first auxiliary data and the quantized value, that is, the biometric template, are protected regardless of whether S120 is related to the quantized value.
  • step S110 and step S120 uses the quantized value obtained in step S109, that is, the quantized value is used when expanding the key corresponding to the first auxiliary data of k dimension to n dimension or after expanding to n dimension,
  • the binding of the quantized value and the key corresponding to the first auxiliary data is realized in the encoding operation.
  • Enc is the step of determining the codeword of the error correction code
  • Dec is the step of the decoding operation
  • k is the key corresponding to the first auxiliary data
  • k' is the key obtained from the decoding operation
  • X and X' are the quantized values of the registration stage and the authentication stage respectively
  • Specific examples of the second optional implementation manner can be fuzzy commitment (Fuzzy Commitment) and fuzzy vault (Fuzzy Vault).
  • step 430 may be implemented as:
  • the key corresponding to the first auxiliary data is not obtained before the error correction code word is determined, and the error correction code word is not generated according to the key corresponding to the first auxiliary data.
  • step S130 includes one of: randomly determining the code word of the error correction code; determining the code word of the error correction code according to the quantization value; determining the code word of the error correction code according to the quantization value and the random quantity.
  • RS error correction coding can be used when the quantization value is used when determining the codeword of the error correction code.
  • the error correction coding may be performed by BCH error correction coding, RS error correction coding, and the like. To randomly determine the code word of the error correction code, for example, randomly generate a k-dimensional vector and multiply it by a k*n coding matrix; the result is the code word of the error correction code.
  • the second transform process may or may not be quantized value dependent.
  • the second transformation process needs to be related to the quantization value, so as to realize the encoding operation of the error correction code word and the quantization value, that is, the biometric template, and thereby protect the quantization value, that is, the biometric template.
  • when the error correction code word is determined according to the quantization value, or according to the quantization value and the random quantity, the quantization value and the error correction code word have already been made to correspond in S130, so the quantization value, that is, the biometric template, is protected no matter whether the second conversion process is related to the quantization value or not.
  • step S130 and step S140 uses the quantized value obtained in step S129 to implement an encoding operation on the quantized value.
  • the key corresponding to the first auxiliary data is generated by the strong extractor according to the quantization value, that is, the key corresponding to the first auxiliary data is generated from the biometric region.
  • r is a random variable
  • Enc is the step of determining the code word of the error correction code
  • Dec is the step of decoding operation
  • Ext is the step of extracting the key from the quantized value
  • k is the key corresponding to the first auxiliary data
  • X and X' are the quantized values of the registration stage and the authentication stage respectively
  • X1 is the quantized value obtained from the error correction of the error correction code
  • a specific example of the third optional implementation manner may be fuzzy extractor (Fuzzy Extractor).
  • the method of the embodiment of the present invention performs an irreversible encoding operation on the biometric template that reflects user privacy.
  • the result of the irreversible encoding operation is what is stored; even if it is leaked, the original biometric template cannot be derived from it, which greatly reduces the risk of privacy leakage and makes the biometric method satisfy the irreversible property; on the other hand, the key or random quantity is used in the irreversible encoding operation, so that when the key or random quantity is different, different auxiliary data can be generated for the same biometric template, such that the biometric method satisfies the revocable property.
  • the decoding operation corresponding to the encoding operation or the matcher used in the authentication stage is fault-tolerant, and can be authenticated based on a biometric template that is sufficiently similar to but not identical to the registration. It can be seen that the method in the embodiment of the present invention is suitable for biometric identification and can protect privacy.
  • the biological feature representation corresponding to the first biological feature area includes: biological feature data and precise descriptors.
  • Step 420 may include:
  • the biometric data is in one-to-one correspondence with the feature points, describing the position and angle of the corresponding feature points, the relative position and relative angle between the corresponding feature points and other feature points, and other orientation information;
  • the biometric data corresponding to these two feature points may be similar but not identical. Therefore, the multiple feature data corresponding to the multiple feature points A and the multiple feature data corresponding to the multiple feature points A' collected twice are almost certainly similar but different, where A corresponds to multiple biological positions of an object w1, w2..wn, A' corresponds to the same biological position w1, w2..wn of the same object.
  • S4202. Determine accurate descriptors corresponding to multiple first feature points according to the first biological feature area.
  • the precise descriptor is in one-to-one correspondence with the feature points, and is used to describe information such as texture features, direction fields, frequency domain vectors, colors, etc. of the local area where the corresponding feature points are located.
  • a precise descriptor means that two feature points corresponding to the same biological position of the same object (for example, the same minutiae point on a fingerprint, or the same key point in a face) on two acquired images (for example, the same fingerprint minutiae point corresponds to feature point A1 in the first image to be processed and to feature point A2 in the second image to be processed) have, with high probability (for example, a probability of more than 90%), the same precise descriptor (the precise descriptors corresponding to A1 and A2 are the same).
  • the use of the descriptor increases the information used for encoding compared with the non-use of the descriptor, so that the security of the biometric identification method is further improved.
  • the use of accurate descriptors can reduce the possibility of authentication failure caused by double fuzziness of biometric data and descriptors, thereby increasing the stability of biometric identification methods.
  • the security of the whole method mainly depends on the number of feature points used to generate the biometric template and the size of the entire grid space used to quantify the feature points. For the one-to-one correspondence between descriptors and feature points, for each feature point, an additional accurate descriptor is obtained in addition to the biometric data. If the grid space increases correspondingly due to the descriptor, it will be more difficult for the attacker to guess the real feature points from the grid space, and the security of the biometric identification method will be further improved.
  • biological characteristics are expressed as <i, j, θ, d>, the value ranges are 1-32, 1-16, 1-8, 1-10, and the grid space can be increased to 32*16*8*10.
  • if the grid space is not increased due to the descriptor, then when the feature points are mapped to the grid space, the contribution proportion of the biometric data decreases and the contribution proportion of the descriptor increases. Because the biometric data is fuzzy and the descriptor is precise, this is equivalent to reducing the proportion of fuzzy information and increasing the proportion of accurate information when the feature points are mapped to the grid space, which can reduce the possibility of authentication failure due to the fuzziness of the biometric itself. Thereby, the stability of the biometric identification method is increased.
  • when the precise descriptor is used, the authentication stage only needs to correct the blur caused by the biometric data, and does not need to further correct the blur caused by the descriptor.
  • the use of accurate descriptors can reduce two layers of error correction to one layer of error correction, thereby increasing the decoding speed.
  • Accurate descriptor determination method 1: input the image to be processed and/or the description information of the image to be processed into the descriptor extraction model for processing, and obtain accurate descriptors corresponding to multiple first feature points.
  • the input of the descriptor extraction model may be the image to be processed, or both the image to be processed and the description information of the image to be processed.
  • the description information of the image to be processed can be extracted by image processing methods or algorithm models, and can be presented in the form of vectors, matrices, and graphs.
  • the description information is a vector representing the ridge frequency of the sub-region corresponding to each feature point in the image to be processed.
  • Before using the descriptor extraction model to extract the descriptor of the image to be processed, the descriptor extraction model needs to be trained. If the input of the descriptor extraction model includes images to be processed, the training samples of the descriptor extraction model may be multiple pairs of sample images whose matching conditions are known. Exemplarily, knowing the matching situation refers to knowing whether the sample image P1 and the sample image P2 match, and if so, which feature points match. For example, the two sample images P1 and P2 match; P1 and P2 respectively include 6 minutiae points P10-P15 and P20-P25, and the corresponding accurate descriptors are d10-d15 and d20-d25 respectively.
  • the gap between the precise descriptors of the matched minutiae should be as large as possible. If the input of the descriptor extraction model includes the image to be processed and the description information of the image to be processed, the training samples of the descriptor extraction model can be multiple pairs of sample images whose matching conditions are known and their respective description information. The specific training method is as above, and will not be repeated here.
  • when the image to be processed and the description information of the image to be processed are used as the input of the descriptor extraction model, the descriptors describing the characteristics of the sub-region where each feature point in the image to be processed is located can be obtained for all feature points at one time.
  • Accurate descriptor determination method 2: according to the position data of multiple first feature points, determine the local images of the neighborhoods where the multiple first feature points are located, and input the local images of the multiple first feature points and/or the description information of those local images into the descriptor extraction model to obtain accurate descriptors corresponding to the multiple first feature points.
  • the descriptor extraction model needs to be trained.
  • model training is also to make the exact descriptors of the matched minutiae as consistent as possible, and the gap between the exact descriptors of the unmatched minutiae be as large as possible.
  • when the local data corresponding to the feature points is used as the input of the descriptor extraction model, the model can be relatively small, the amount of calculation is small, the calculation speed is fast, and the accuracy of the result is higher, but preprocessing such as cropping the local images from the image to be processed is required.
  • Accurate descriptor determination method 3: for each first feature point among multiple first feature points, determine the fuzzy descriptor of the first feature point, assign the fuzzy descriptor of the first feature point to the category center descriptor closest to it, and use that closest category center descriptor as the precise descriptor corresponding to the first feature point; wherein the category center descriptors are obtained by clustering multiple fuzzy descriptors.
  • the fuzzy descriptor of the first feature point is determined according to the local image of the neighborhood where the first feature point is located.
  • the precise descriptor is determined through three steps. First, extract descriptors from a large number of (for example, 1,000,000) feature points to obtain the fuzzy descriptors corresponding to the feature points; second, cluster the fuzzy descriptors to obtain multiple category center descriptors; third, for each first feature point among the plurality of first feature points, determine the fuzzy descriptor of the first feature point, assign it to the category center descriptor closest to it, and use that closest category center descriptor as the precise descriptor corresponding to the first feature point. In this way, fuzzy descriptors can be transformed into precise descriptors.
  • when the accurate descriptors are determined by the above methods, the exact descriptors corresponding to the two feature points that correspond to the same biological position of the same object on the images acquired twice are the same with high probability (for example, a probability of more than 90%), so that the probability of having to error-correct the descriptor is greatly reduced, thereby improving the decoding speed.
  • the biometric representation includes biometric data and precise descriptors, and the precise descriptors are used in different sub-steps of step S430.
  • when accurate descriptors are used in the biometric template, in obtaining the quantified value according to the biometric template, or in the feature conversion step, the security and/or stability of the biometric method can be improved; when precise descriptors are used in the first transformation process and the second transformation process, the calculation speed of the biometric method can be improved compared to using fuzzy descriptors.
  • the feature conversion/first transformation processing/second transformation processing in step S430 may have nothing to do with the precise descriptor; Only when the precise descriptor is used in the feature conversion/first transformation processing/second transformation processing in step S430, performing feature conversion according to the first biological feature template may be to perform feature conversion only on the feature data in the first biological feature template , performing quantification according to the first biological characteristic template may be performing quantification only according to biological characteristic data in the first biological characteristic template.
  • when step S430 is implemented through the first to third optional implementation manners, precise descriptors may be used in S100, in S109 and S120, and in S129 and S140, respectively.
  • when step S430 is implemented through the first optional implementation manner, there are three ways to use the precise descriptor in S100:
  • Mode 1: perform feature conversion on the biometric data and precise descriptors included in the first biometric template to obtain the first auxiliary data; the feature conversion is determined according to the key corresponding to the first auxiliary data;
  • Mode 2: perform feature conversion on the biometric data in the first biometric template to obtain the first auxiliary data; the feature conversion is determined according to the key corresponding to the first auxiliary data and the precise descriptor;
  • Mode 3: perform feature conversion on the biometric data and precise descriptor included in the first biometric template to obtain the first auxiliary data; the feature conversion is determined according to the key corresponding to the first auxiliary data and the precise descriptor.
  • the use of descriptors increases the information used for encoding compared with not using descriptors, which further improves the security of biometric identification methods.
  • the use of accurate descriptors can reduce the possibility of authentication failure caused by double fuzziness of biometric data and descriptors, thereby increasing the stability of biometric identification methods.
  • when step S430 is implemented through the second optional implementation manner, precise descriptors may be used in S109 and S120.
  • the precise descriptor may be used in step S1091 and/or step S1092.
  • Step S1091: performing quantification according to the first biometric template, including: quantifying the biometric data and the precise descriptor included in the first biometric template;
  • Step S1092: obtaining the quantized value, including: performing a third transform process on the quantized result of step S1091 to obtain the quantized value, where the third transform process is determined according to the precise descriptor and is a reversible or irreversible transform;
  • the quantization value X ⁇ d (T), wherein T is the quantization result obtained in step S1091, and ⁇ d is the third transformation process determined according to the precise descriptor.
  • the biometric template to be authenticated collected in the authentication stage can be quantified in the same way to obtain the quantized value to be authenticated, and the authentication can be performed by decoding the quantized value to be authenticated without restoring the quantized result before the third transformation process. Therefore, the third transformation process is a reversible or irreversible transformation.
  • using the additional accurate descriptor information in S109 can further improve the security and/or stability of the biometric identification algorithm. If precise descriptors are used only in S1091 and the grid space does not increase, stability is improved; if precise descriptors are used only in S1091 and the grid space is increased, security is improved; if precise descriptors are used only in S1092, security is improved; if precise descriptors are used in S1092 and S1091 and the grid space does not increase, stability and security are improved; if precise descriptors are used in S1092 and S1091 and the grid space is increased, security is improved.
  • steps S110 and S120 may be implemented as:
  • the key corresponding to the first auxiliary data is k-dimensional
  • the first algebraic curve is a k-order polynomial f
  • the coefficients of the k-order polynomial are determined according to the key corresponding to the first auxiliary data.
  • the first quantization value is one of the quantization values.
  • the first quantization value is mapped on the first algebraic curve to obtain the first mapping value, thereby obtaining each mapping value corresponding to each quantization value one-to-one, and the error correction code word includes each mapping value.
  • the point with the first quantization value as the first coordinate component and the first mapping value as the second coordinate component can be called the first point; the point set with each quantization value and each mapping value as the first and second coordinate components is called the first point set.
  • the code words of the error correction code include y1, y2,...yn.
  • the first set of points is {(x1,y1),(x2,y2),...,(xn,yn)}. The first point is a point in the first point set.
  • the hash points in the hash point set may be randomly generated, and the first coordinate component of the hash points is not equal to any quantization value.
  • S1203. Determine the first auxiliary data according to the first auxiliary point set and the hash point set; wherein, the first auxiliary point in the first auxiliary point set has a first functional relationship with the first point on the first algebraic curve, and the first The point uses the first quantization value as the first coordinate component, and the first mapping value as the second coordinate component; the first coordinate component of the first auxiliary point is determined according to the first quantization value.
  • in step S1103 the first point set has been obtained. The first point set can be used directly as the first auxiliary point set, in which case the first functional relationship is an identity mapping; or the first point set is transformed to obtain the first auxiliary point set, in which case the first functional relationship is determined by the transformation process.
  • the union of the first auxiliary point set and the hash point set is used as the first auxiliary data.
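The construction described in the preceding items (key as polynomial coefficients, quantized values mapped onto the curve, hash points that avoid every quantized value, and the shuffled union stored as auxiliary data) can be sketched as follows. This is an added example, not code from the patent: the field size `P`, the function names, the truncated SHA-256 verification coefficient, the use of k coefficients (degree k-1), and recovery by Lagrange interpolation in the authentication stage are all assumptions made for illustration.

```python
import hashlib
import itertools
import secrets

P = 65537                # prime field size (assumption); must exceed GRID
GRID = 32 * 16 * 8 * 10  # grid space of <i, j, angle, d> quoted in the text


def checksum(secret):
    """Verification information for the key (assumed: truncated SHA-256)."""
    digest = hashlib.sha256(",".join(map(str, secret)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % P


def make_key(secret):
    """Key = secret coefficients followed by one verification coefficient."""
    return list(secret) + [checksum(secret)]


def poly_eval(coeffs, x):
    """Evaluate the first algebraic curve f at x (constant term first)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def lock(key, quantized, n_chaff, rng=None):
    """Registration: points (x, f(x)) for quantized values, plus hash points."""
    rng = rng or secrets.SystemRandom()
    if len(set(quantized)) != len(quantized):
        raise ValueError("quantized values must be distinct")
    if len(quantized) + n_chaff > GRID:
        raise ValueError("not enough grid cells for that many hash points")
    vault, used = [(x, poly_eval(key, x)) for x in quantized], set(quantized)
    while len(vault) < len(quantized) + n_chaff:
        x, y = rng.randrange(GRID), rng.randrange(P)
        # A hash point never reuses a quantized value and never lies on f.
        if x in used or y == poly_eval(key, x):
            continue
        used.add(x)
        vault.append((x, y))
    rng.shuffle(vault)  # stored order must not reveal the genuine points
    return vault


def interpolate(points):
    """Lagrange interpolation over GF(P); returns coefficients, constant first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1  # basis = product of (X - xj) for j != i
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            grown = [0] * (len(basis) + 1)
            for d, c in enumerate(basis):
                grown[d] = (grown[d] - c * xj) % P
                grown[d + 1] = (grown[d + 1] + c) % P
            basis, denom = grown, denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P  # divide via Fermat inverse
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + c * scale) % P
    return coeffs


def unlock(vault, query, k):
    """Authentication: select points by quantized value, rebuild and verify f."""
    wanted = set(query)
    candidates = [pt for pt in vault if pt[0] in wanted]
    for subset in itertools.combinations(candidates, k):
        coeffs = interpolate(subset)
        # A 16-bit check keeps the demo small; a deployment needs a longer one.
        if coeffs[-1] == checksum(coeffs[:-1]):
            return coeffs[:-1]
    return None  # fewer than k genuine points were re-observed


# Constructed sample data: a 3-coefficient secret and 8 quantized values.
SECRET = [1234, 56, 7890]
ENROLLED = [17, 230, 1025, 2048, 3001, 3500, 4000, 77]

if __name__ == "__main__":
    key = make_key(SECRET)
    vault = lock(key, ENROLLED, n_chaff=40)
    probe = ENROLLED[:5] + [999, 1500]  # 5 of 8 values re-observed, 2 spurious
    print(unlock(vault, probe, len(key)))
```

The number of hash points and the size of the grid determine how hard it is to pick k genuine points by guessing, which is the dependency on feature-point count and grid space that the text describes.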
  • S120 may also include: S1202, performing a fourth transformation process on the first point to obtain the first auxiliary point in the first auxiliary point set; the fourth transformation process is determined according to the precise descriptor, and the fourth transformation process is a reversible transformation.
  • the first auxiliary point set composed of auxiliary points is obtained.
  • the first point set is {(x1,y1),(x2,y2),...,(xn,yn)}
  • the first auxiliary point set is {(x1',y1'),(x2',y2'),...,(xn',yn')}
  • ⁇ d represents the fourth transformation process determined according to the precise descriptor
  • ⁇ d x represents the first transformation component used to obtain the first coordinate component of the first auxiliary point in the fourth transformation process
  • the fourth transformation process needs to satisfy (x,y) ⁇ ( ⁇ d x (x), ⁇ d y (x,y)), where ⁇ d x (x) represents the first transformation component and The second coordinate component of the first point has nothing to do with the first coordinate component of the first point; ⁇ d y (x, y) means that the second transformation component can be related to the first coordinate component of the first point and It is related to the second coordinate component of the first point (or not related to the first coordinate component of the first point).
  • the fourth transformation process needs to meet the above conditions to ensure that in the authentication stage, the points in the first auxiliary point set can be determined from the auxiliary data according to the quantization value corresponding to the biometric template to be authenticated.
  • the fourth transformation process needs to be reversible to ensure that the corresponding points in the first point set can be restored according to the first auxiliary point in the auxiliary data.
  • the first algebraic curve determined according to the key corresponding to the first auxiliary data is f
  • the second algebraic curve determined by the key is g
  • the fourth transformation process is to use the precise descriptor d and the error correction code word f(x)/g(x) to perform XOR operation
  • the second coordinate component of the real minutiae point corresponds to the error-correcting code word of the error-correcting code Enc
  • the second coordinate component of the hash point does not necessarily correspond to an error-correcting code word due to the randomness of the noise, so the attacker can screen out most of the real minutiae points based on the auxiliary data, which makes the biometric identification algorithm unsafe.
  • this problem can be overcome without encoding f(xi), g(xi) with an error-correcting code.
  • steps S110 and S120 may be implemented as:
  • S1107 Determine the parameters of the first mapping relationship according to the quantization value and the first algebraic curve
  • first set and the second set are introduced to describe the first mapping relationship, and it is not necessary to generate or store the first set and the second set.
  • the first subset of the first set is determined by the quantization value. A subset point, whose first coordinate component is a first value in the first subset and whose second coordinate component is the value in the second set that satisfies the first mapping relationship with the first value, has a second functional relationship with the second point on the first algebraic curve; the first coordinate component of the second point is the quantized value corresponding to the first value.
  • all or most complement points, that is, points whose first coordinate component is a value in the complement of the first subset in the first set and whose second coordinate component is the value in the second set that satisfies the first mapping relationship with that value, do not have the second functional relationship with points on the first algebraic curve.
  • the first value is any value in the first subset.
  • the first mapping relationship needs to make the first coordinate component and the second coordinate component of the subset point and the complement point satisfy the first mapping relationship, and the subset point and the second point on the second algebraic curve have The second functional relationship, and all or most of the complement points do not have the second functional relationship with the points on the second algebraic curve.
  • the first mapping relationship can be expressed as formula 1.1,
  • the element in the first set is X
  • the element corresponding to X in the second set is V(X)
  • the first algebraic curve is f(X)
  • A is the set x1, x2, ..., xn corresponding to the quantized values, with i ranging over 1-n.
  • the second item in formula 1.1 is 0, and the second functional relationship is identity mapping.
  • the first mapping relationship is an n-order polynomial
  • V(X) is expanded to obtain the coefficients of each power term of X in the n-order polynomial.
  • S1109 Determine first auxiliary data according to parameters of the first mapping relationship.
  • the parameters of the first mapping relationship are used as the first auxiliary data.
  • polynomial coefficients are used as the first auxiliary data.
  • the first and second coordinate components of the subset points, that is, the real points, and of the complement points, that is, the hash points, conform to the same first mapping relationship, so only the parameters of the first mapping relationship need to be stored, without storing the coordinates of the real points and hash points, which greatly saves storage space.
  • step S1107 includes: determining parameters of the first mapping relationship according to the quantization value, the precise descriptor and the first algebraic curve.
  • the first mapping relationship can be determined according to the precise descriptor.
  • the first mapping relationship can be expressed in the form of formula 1.3 or formula 1.5:
  • the element in the first set is X
  • the element corresponding to X in the second set is V(X)
  • the first algebraic curve is f(X)
  • A is the set x1, x2, ..., xn corresponding to the quantized values, with i ranging over 1-n
  • ⁇ d is the transformation process related to the precise descriptor.
  • the second functional relationship is determined according to ⁇ d .
  • ⁇ d needs to meet the same conditions as the fourth transformation process, so as to ensure that in the authentication stage, subset points can be selected from the auxiliary data according to the quantitative value corresponding to the biometric template to be authenticated. At the same time, ⁇ d needs to be reversible to ensure that the second point can be restored according to the auxiliary data. It can be understood that, in Equation 1.3 and Equation 1.5, ⁇ d only includes the second transformation component.
  • steps S110 and S120 may be implemented as:
  • the key corresponding to the first auxiliary data is k-dimensional
  • the codebook contains a plurality of n-dimensional error correction code words. According to the key corresponding to the first auxiliary data, the error correction code word corresponding to that key is determined from the error correction code words in the codebook.
  • the key corresponding to the first auxiliary data is expanded into an n-dimensional vector by padding zeros, and the error-correcting code word closest to the n-dimensional vector is determined from the error-correcting code words in the codebook as the error correction code word corresponding to the key corresponding to the first auxiliary data.
  • the k-dimensional key corresponding to the first auxiliary data is converted into an n-dimensional vector, used as the error correction code word, by performing an operation with a k*n coding matrix.
  • the binding of the code word of the error correction code and the quantized value is realized in the encoding operation through the replacement operation, that is, the binding of the key corresponding to the first auxiliary data and the biometric template is realized.
  • the quantized value itself can be in the form of a vector, and it can be considered that the quantized value itself is a biological vector.
  • the quantized value itself can be converted into its corresponding biological vector.
  • the quantized value includes 64 quantized values corresponding to 64 fingerprint minutiae points
  • the biometric data corresponding to each quantized value can be represented by the minutiae position and angle i, j, θ, where i, j, θ occupy 5, 4 and 3 bits respectively, and the other 6 bits represent the detail points corresponding to the quantized value
  • each quantized value corresponds to a 12-bit vector
  • the biological vector corresponding to the 64 quantized values is 18 bits.
  • K X is a permutation operation determined according to X.
  • the replacement operation may include translation and rotation relative to the biological vector X, and the replacement operation may be a matrix operation with the biological vector X.
  • the replacement operation determined according to the biological vector corresponding to the quantized value is " ” That is, XOR operation with the biological vector, Essentially characterizes the amount of translation of c relative to X. It is understandable that, for some permutation operations, it is required that the biometric vector X and the code word c of the error correction code have the same length.
  • the permutation operation is applied to the codeword of the error correction code to obtain the first auxiliary data, including:
  • step S430 is implemented through the third optional implementation manner, precise descriptors may be used in S129 and S140.
  • steps S130-S150 may be implemented as:
  • This embodiment is similar to Embodiment 2.3, except that the code word of the error correction code is determined randomly instead of according to the key corresponding to the first auxiliary data.
  • a k-dimensional key is generated according to the quantized value and a random quantity, so that different keys can be generated according to the same biometric template.
  • the random amount is included in the first auxiliary data.
  • steps S130-S150 may be implemented as:
  • the biological vector is X
  • the code word of the error correction code is C
  • H = X - C.
  • S150 Generate a key corresponding to the first auxiliary data according to the quantization value. Refer to the description of S150 in Embodiment 3.1.
  • the result of the permutation operation or the calculated difference can be directly used as a part of the first auxiliary data, and the result of subsequent transformation processing based on it can also be used as a part of the first auxiliary data.
  • the first auxiliary data may further include a random amount used when generating a key corresponding to the first auxiliary data according to the quantization value.
  • obtaining the first auxiliary data in steps S1401 and S1403 includes: obtaining the first auxiliary data through a sixth transformation process; the sixth transformation process is determined according to the precise descriptor, and the sixth transformation process is reversible. For the description of the sixth conversion process, see the fifth conversion process.
  • the fourth transformation process, ⁇ d in Embodiment 2.2, the fifth transformation process, or the sixth transformation process are related to the descriptor and the descriptor is fuzzy
  • error correction is performed on the fuzziness of the descriptor
  • error correction is also performed on the fuzziness of the quantized value.
  • Using an accurate descriptor can reduce two layers of error correction to one layer of error correction, thereby increasing the decoding speed.
  • the acquisition, use (such as step S430, or the part of S430 involving the quantization value and the key corresponding to the first auxiliary data) and/or transmission (for example, sending from the terminal to the server) of the key corresponding to the first auxiliary data or of other keys are all executed in the TEE (Trusted Execution Environment) of the terminal device.
  • step S420 is divided into different sub-steps in the following two ways, and each sub-step is executed in TEE with a certain priority:
  • step S420 includes: determining a first intermediate result according to the first biometric region, and determining a first biometric template according to the first intermediate result;
  • determining the first intermediate result according to the first biometric area is executed in the trusted execution environment with the first priority; determining the first biometric template according to the first intermediate result is executed in the trusted execution environment with the second priority.
  • step S420 is divided into two sections.
  • both sections can be executed in the TEE; otherwise, the two sections can be executed in the TEE with a certain priority.
  • determining the second intermediate result according to the first biometric area is executed in the trusted execution environment with the first priority; determining the first biometric template according to the third intermediate result is executed in the trusted execution environment with the second priority; determining the third intermediate result according to the second intermediate result is executed in the trusted execution environment with a third priority.
  • step S420 is divided into three stages.
  • If TEE resources are sufficient, all three stages can be executed in the TEE; otherwise, the three stages can be executed in the TEE with a certain priority.
  • the third priority is lower than the first priority, and the third priority is lower than the second priority.
  • which of the first priority and the second priority is higher is not fixed, and "first" and "second" do not mean high or low priority.
  • steps not performed in the TEE are performed in the REE.
  • the process of performing shallow transformation according to the first biometric region to obtain intermediate results has a strong correlation with the first biometric region, which involves user privacy, and should be placed in TEE with a high priority (first priority); on the other hand,
  • since step S430 is already executed in the TEE, placing the part of step S420 that is closely connected with step S430 in the TEE does not increase the communication cost between TEE and REE, so it can be placed in the TEE with a high priority (second priority).
  • the step of determining the third intermediate result according to the second intermediate result is neither a step with strong correlation with the first biometric feature area, nor a step closely connected with step S103, and can be executed in the TEE with the lowest priority. Which of the first priority and the second priority is higher can be chosen according to whether it is more desirable to protect the data more strongly correlated with the first biometric area or to reduce the communication cost between TEE and REE.
  • the embodiment of the present disclosure also provides a privacy-protected image processing device corresponding to the privacy-protected image processing method. Since the problem-solving principle of the device in the embodiment of the present disclosure is the same as that of the aforementioned privacy-protected image processing method, the implementation of the device in this embodiment can refer to the description in the embodiment of the above-mentioned method, and repeated descriptions are omitted.
  • the privacy-protected image processing device in this embodiment may include: a first acquisition module 510, a first determination module 520, and an encoding module 530; wherein,
  • the first acquiring module 510 is configured to acquire an image to be processed, the image to be processed includes a first biometric feature area, and the first biometric feature area includes a plurality of first feature points;
  • the first determining module 520 is configured to determine a first biometric template of the first biometric region according to the first biometric region, where the first biometric template includes a plurality of biometric data corresponding to a plurality of first characteristic points;
  • the encoding module 530 is configured to perform an encoding operation according to the first biometric template to obtain the first auxiliary data; wherein, the encoding operation includes an irreversible transformation.
  • the embodiment of the present disclosure provides an identity registration method 600.
  • the identity registration method 600 in this embodiment is applied to a terminal device.
  • the specific process of this embodiment will be described in detail below in conjunction with the steps of the identity registration method 600.
  • In step 610, the first auxiliary data in the registration information of the object to be registered is determined through the privacy-protected image processing method 400.
  • the privacy-protected image processing method mentioned in this embodiment can be the privacy-protected image processing method provided in Embodiment 2. Therefore, for the method of obtaining the first auxiliary data in this embodiment, please refer to the description in Embodiment 2, which will not be repeated here.
  • the object to be registered refers to the target object that needs to be registered before authentication.
  • the registration method of this embodiment may also include storing the registration information in a database on the terminal device or a database of a server communicatively connected to the terminal device.
  • the registration information may include only the first auxiliary data, and the authentication result is determined by comparing the auxiliary data to be authenticated, generated in the authentication stage, with the first auxiliary data.
  • the key to be authenticated can be determined according to the decoding result of the error correction code, and the key to be authenticated is verified by comparing it with the key corresponding to the first auxiliary data, to determine the authentication result.
  • biometrics can be combined with other factors for multi-factor authentication.
  • a possible multi-factor authentication method is: in the registration phase, transform the key corresponding to the first auxiliary data with other factors to obtain the first multi-factor key; in the authentication stage, obtain the other factors again, perform the same conversion process as in the registration stage on the key to be authenticated and the other factors obtained in the authentication stage to obtain the multi-factor key to be authenticated, and verify the multi-factor key to be authenticated by comparing it with the first multi-factor key, to determine the authentication result. It can be understood that when using multi-factor authentication, in addition to verifying the multi-factor key to be authenticated, the key to be authenticated may also be verified.
  • the registration information also needs to include information required for verification of the key to be authenticated and/or the multi-factor key to be authenticated.
  • verifying the key may include verifying the key by comparing hash values of the key.
  • the above registration information may also include: the first hash value generated according to the key corresponding to the first auxiliary data and/or the second hash value generated according to the first multi-factor key; the first hash value and the second hash value are respectively used to verify the key to be authenticated and the multi-factor key to be authenticated in the authentication phase.
  • the first hash value and the second hash value can be determined according to the key, according to the key and the default hash parameter, or according to the key and a set (non-default) hash parameter, where the hash parameters include the salt value and/or the number of rounds of the hash operation.
  • the registration information also needs to include the additional hash parameters, so that in the authentication stage the hash operation can be performed, with the same hash parameters, on the key to be authenticated or on the multi-factor key to be authenticated determined from the key to be authenticated.
  • the content contained in the registration information may also include but is not limited to the following situations: (1) first hash value; (2) first hash value + first hash parameter; (3) second hash value; (4) second hash value + second hash parameter; (5) first hash value + second hash value; (6) first hash value + first hash parameter + second hash value + second hash parameter.
  • the identity registration method in this embodiment may also include:
  • Step 611 Perform a hash operation according to the key corresponding to the first auxiliary data to determine a first hash value in the registration information.
  • performing the hash operation according to the key corresponding to the first auxiliary data may also be performing the hash operation according to the key corresponding to the first auxiliary data and the first hash parameter.
  • the identity registration method in this embodiment may also include:
  • Step S612 perform the ninth conversion process according to the key corresponding to the first auxiliary data and the first conversion key, and obtain the first multi-factor key;
  • Step S613 perform a hash operation according to the first multi-factor key, and determine the second hash value in the registration information.
  • performing the hash operation according to the first multi-factor key may also be performing a hash operation according to the first multi-factor key and the second hash parameter.
  • this embodiment corresponds to a multi-factor authentication scenario, and other factors can be other biometric features or user passwords, etc.
  • other factors are accurate rather than fuzzy, and the embodiments of the present disclosure take the case where the other factor is a user password as an example
  • the user password is directly used as the first transformation key or the first transformation key is generated according to the received user password.
  • Generating the first conversion key according to the user password is, for example, performing one or more processes of format conversion, digit padding, and verification information addition on the user password to generate the first conversion key.
  • the key corresponding to the first auxiliary data and the first transformation key may be combined through a ninth transformation process, and the ninth transformation process may be any reversible or irreversible transformation.
  • the ninth transformation process may be to use the key corresponding to the first auxiliary data to perform symmetric encryption on the first transformed key, and use the first transformed key to perform symmetric encryption to the key corresponding to the first auxiliary data.
  • combining multiple factors enables only one verification of the combined result in the authentication stage to determine whether the multiple independent factors are correct.
  • performing the ninth transformation process according to the key corresponding to the first auxiliary data and the first transformation key to obtain the first multi-factor key may include: carrying out the ninth transformation processing according to the key corresponding to the first auxiliary data and the first transformation key, and adding verification information to the transformation processing result, to obtain the first multi-factor key. For example, redundant bits are determined according to the transformation result, and the first multi-factor key includes the transformation result and the redundant bits.
  • the registration information can also include the first hash value and the second hash value at the same time, so as to verify both the key to be authenticated and the multi-factor key to be authenticated.
  • the identity registration method includes step S611, step 612 and step 613.
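The registration and authentication flow described above (key to error correction code word, XOR binding with the biological vector, a salted multi-round hash of the key, and a user password as second factor), as an added Python example that is not code from the patent. It covers only the XOR-binding case; the repetition code, PBKDF2 as the hash operation, HMAC as the ninth transformation, the sample vector, and all function and field names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

R = 5  # assumed repetition factor: corrects up to 2 flipped bits per key bit


def encode(key_bits):
    """k-bit key -> n = k*R bit code word (generator matrix of a repetition code)."""
    return [b for b in key_bits for _ in range(R)]


def decode(noisy_code):
    """Nearest code word by majority vote per group of R bits; returns the k key bits."""
    return [int(sum(noisy_code[i:i + R]) > R // 2) for i in range(0, len(noisy_code), R)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def hash_key(key_bytes, salt, rounds):
    """Hash operation with hash parameters (salt, rounds); PBKDF2 is an assumption."""
    return hashlib.pbkdf2_hmac("sha256", key_bytes, salt, rounds)


def multi_factor_key(key_bits, password):
    """Assumed ninth transformation: HMAC of the password-derived transformation
    key under the biometric key (an irreversible combination of both factors)."""
    transform_key = password.encode("utf-8")  # format conversion of the user password
    return hmac.new(to_bytes(key_bits), transform_key, hashlib.sha256).digest()


def register(bio_vector, password=None, rounds=10_000):
    """Registration: build the stored record. The key itself is never stored."""
    key = [secrets.randbelow(2) for _ in range(len(bio_vector) // R)]
    record = {
        "helper": xor(bio_vector, encode(key)),  # code word XOR biological vector
        "salt1": secrets.token_bytes(16),        # first hash parameter
        "rounds": rounds,
    }
    record["hash1"] = hash_key(to_bytes(key), record["salt1"], rounds)
    if password is not None:
        record["salt2"] = secrets.token_bytes(16)  # second hash parameter
        record["hash2"] = hash_key(multi_factor_key(key, password), record["salt2"], rounds)
    return record


def authenticate(record, probe_vector, password=None):
    """Authentication: unbind with the fresh vector, error-correct, verify hashes."""
    key = decode(xor(record["helper"], probe_vector))  # key to be authenticated
    ok = hmac.compare_digest(
        hash_key(to_bytes(key), record["salt1"], record["rounds"]), record["hash1"])
    if ok and "hash2" in record:
        if password is None:
            return False  # record requires the second factor
        candidate = hash_key(multi_factor_key(key, password), record["salt2"], record["rounds"])
        ok = hmac.compare_digest(candidate, record["hash2"])
    return ok


def flip(bits, positions):
    """Simulate acquisition noise by flipping the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


# Constructed 80-bit biological vector (not real biometric data): 16-bit key, n = 80.
SAMPLE_X = [(i * i + i // 3) % 2 for i in range(80)]

if __name__ == "__main__":
    rec = register(SAMPLE_X, password="correct horse")
    print("noisy probe, right password:", authenticate(rec, flip(SAMPLE_X, [0, 1, 7]), "correct horse"))
    print("too noisy probe:            ", authenticate(rec, flip(SAMPLE_X, [0, 1, 2]), "correct horse"))
    print("right probe, wrong password:", authenticate(rec, SAMPLE_X, "wrong"))
```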
  • a preliminary verification may be performed on the key, and a key that passes the preliminary verification is subjected to subsequent verification. It can be understood that the preliminary verification consumes less computing power and/or requires less network communication than the subsequent verification, and the preliminary verification can improve the authentication efficiency by narrowing the range of keys that need to be subjected to subsequent verification.
  • preliminary verification can be performed through the verification information contained in the key to be authenticated and the multi-factor key to be authenticated (for example, redundant bits contained in the key), and additional check values can also be used to perform preliminary verification on the key to be authenticated and the multi-factor key to be authenticated.
  • the registration information may also include a first check value corresponding to the key corresponding to the first auxiliary data and/or a second check value corresponding to the first multi-factor key (for example, the check value is the result of an operation on the values corresponding to some or all bits in the key); the first check value and/or the second check value need to be stored in association with the corresponding first auxiliary data.
  • the identity registration method provided by the embodiment of the present disclosure may further include: generating a first verification value according to a key corresponding to the first auxiliary data and/or generating a second verification value according to the first multi-factor key.
  • the database for storing registration information includes a first data table and a second data table; the first auxiliary data corresponding to the object to be registered and other registration information of the object to be registered are stored in association in the first data table, where the other registration information of the object to be registered includes at least one of the first index feature, the first hash parameter, the second hash parameter, noise information, and a check value; the user identifier of the object to be registered is stored in the second data table in association with the first hash value or the second hash value corresponding to the object to be registered.
  • auxiliary data is stored in association, so as to facilitate filtering of the first auxiliary data.
  • the user identification is often stored independently of the first auxiliary data.
  • the first auxiliary data may be stored in the first data table in association with information such as sensitive information, hash parameters, and check values, and the user ID may be stored in the second data table in association with the first hash value and/or the second hash value; only after it is determined that there is a base-library first hash value that matches the hash value to be authenticated of the key to be authenticated, and/or that there is a base-library second hash value that matches the multi-factor hash value to be authenticated of the multi-factor key to be authenticated, can the user identifier be determined in the second data table according to the matched hash value.
  • the fourth embodiment may also include step S614: the terminal device performs feature extraction on the first biometric feature area to obtain the first index feature, and the discrimination degree of the first index feature is lower than that of the first biometric template.
  • the discrimination degree of the index feature is at least one magnitude lower than that of the first biometric template, and may be in the form of a vector or a graph.
  • the discrimination of index features only needs to reduce the large base library to a sufficiently small candidate list (that is, reduce the amount of data that needs to be compared).
  • the candidate list is small enough to mean that, with the computing power of the device, in the authentication stage, the total comparison time for comparing the biometric template of the object to be authenticated with each record in the candidate list is within an acceptable time range.
  • the candidate list needs to be reduced to 50 records to keep the total comparison time within an acceptable range.
  • the discrimination of index features should not be too high, otherwise, if the index features are not encrypted and stored, privacy will be leaked.
  • the index feature may be a macro feature or a global feature.
  • the index features may refer to at least one of: global descriptive information of palm prints and palm veins, information related to finger and palm shapes, finger knuckle lines, and coarse palm line information.
  • the registration information also includes the first index feature, and the first index feature of the object to be registered is stored in association with the first auxiliary data of the object to be registered, so that in the authentication stage it can be determined, according to the first index feature, whether the first auxiliary data is used as base database auxiliary data.
  • In the biometric registration phase, both the first auxiliary data corresponding to the highly discriminative first biometric template and the index features with a low degree of discrimination are acquired, so that in the authentication phase the index features can be used for preliminary screening and the first auxiliary data can then be used for further screening.
  • Because the index features have a low degree of discrimination, they do not need to be stored after complex irreversible transformations to ensure that privacy is not leaked, and they can be compared in the authentication stage without error correction code decoding, so comparison using index features is fast.
  • Comparison with the auxiliary data involves the decoding operation corresponding to the irreversible transformation/encoding operation, and is slow. The fast index feature comparison can quickly and greatly reduce the candidate list, so that the slow irreversible transformation/decoding operations within the candidate list do not significantly affect performance. At the same time, although the discrimination of the index features is poor, the discrimination of the biometric templates is good, and the final authentication result is determined by the biometric template, which ensures the authentication accuracy.
  • On the other hand, because the discrimination of the index features is poor, even if the biometric system is breached and the index features are leaked, specific objects cannot be identified based on the index features. Because the first auxiliary data is obtained through irreversible transformation, even if the auxiliary data is leaked, the first biometric template cannot be obtained from the first auxiliary data by inverse transformation. Therefore, the method in the embodiment of the present invention has high security. It can be seen that the method in the embodiment of the present invention can balance performance, precision and security.
  • noise may be added to the first index feature.
  • the initial screening condition can be: an index feature whose distance from the second index feature is not greater than 5.
  • initial screening results are returned in the bottom database; if certain noise was added to Zhang San's first index feature when he registered, so that the distance between the noise-added first index feature and the second index feature is 10, the initial screening condition can be: an index feature whose distance from the second index feature is not greater than 10. In this case, overly strict preliminary screening conditions can no longer be used, otherwise the actual matching object would be filtered out in the preliminary screening stage. In this case, for example, 50 preliminary screening results are returned from the bottom library.
  • the specific noise information (at least one of the noise adding method and the noise intensity) can be chosen by weighing the requirement on the total comparison time against the security requirement on the first index feature.
  • the way/strength of adding noise may be fixed, or may be determined according to at least one factor among noise adding decision information such as performance information of the terminal device, network information between the terminal device and the server, and expected security level.
  • When noise is added to the first index feature, the following steps are needed: obtaining noise addition decision information, determining noise information according to the noise addition decision information, and adding noise to the first index feature according to the noise information.
  • Each step can be completed by a terminal device or a server, and which subject to complete depends on considerations such as specific operational efficiency and security.
  • the registration information of the object to be registered also includes the noise information stored in association with the first auxiliary data, so that during the authentication phase the distance condition used to determine whether the first auxiliary data passes the screening can be dynamically determined according to the noise information.
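The noise-aware preliminary screening described above, as an added Python example that is not code from the patent. It assumes the stored noise information is the magnitude of the added noise and sets each record's distance limit to the noise-free limit of 5 plus that magnitude, which the triangle inequality guarantees is wide enough to keep the true match; the index vectors, the ids other than Zhang San, and all function names are constructed for illustration.

```python
import math

BASE_LIMIT = 5.0  # the page's screening distance when no noise was added


def norm(v):
    return math.sqrt(sum(x * x for x in v))


def distance(a, b):
    return norm([x - y for x, y in zip(a, b)])


def enroll(base_library, record_id, index_feature, noise):
    """Store the noise-added first index feature with its noise information.

    Only the noise magnitude is kept (assumption); the clean feature is not stored.
    """
    base_library.append({
        "id": record_id,
        "index": [f + n for f, n in zip(index_feature, noise)],
        "noise_strength": norm(noise),
    })


def prescreen(base_library, probe_index, use_noise_info=True, max_candidates=50):
    """Return the ids that pass preliminary screening, nearest first.

    If the clean feature lies within BASE_LIMIT of the probe and the added noise
    has magnitude s, the stored feature lies within BASE_LIMIT + s of the probe
    (triangle inequality), so that is the per-record distance condition.
    """
    hits = []
    for rec in base_library:
        limit = BASE_LIMIT + (rec["noise_strength"] if use_noise_info else 0.0)
        d = distance(rec["index"], probe_index)
        if d <= limit:
            hits.append((d, rec["id"]))
    return [record_id for _, record_id in sorted(hits)][:max_candidates]


def build_sample_library():
    """Constructed base library of four enrolled index features."""
    lib = []
    enroll(lib, "zhang_san", [10, 20, 30, 40], [0, 0, 3, 4])  # true match, noise 5
    enroll(lib, "user_b", [13, 24, 38, 40], [0, 0, 0, 0])     # no noise, distance 8
    enroll(lib, "user_c", [13, 24, 36, 36], [0, 0, 3, 4])     # non-match admitted by the wider limit
    enroll(lib, "user_d", [90, 90, 90, 90], [0, 0, 3, 4])     # far away
    return lib


# Second index feature extracted at authentication (constructed): its distance
# to Zhang San's clean first index feature is exactly 5.
SAMPLE_PROBE = [13, 24, 30, 40]

if __name__ == "__main__":
    lib = build_sample_library()
    print("noise-aware limits:", prescreen(lib, SAMPLE_PROBE))
    print("fixed limit of 5:  ", prescreen(lib, SAMPLE_PROBE, use_noise_info=False))
```

With the fixed limit the true match is dropped, and with the noise-aware limit one extra non-matching record enters the candidate list, which is the time-versus-privacy trade-off the passage describes.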
  • an identity registration device corresponding to the identity registration method is also provided in the embodiment of the present disclosure. Since the problem-solving principle of the device in the embodiment of the present disclosure is similar to that of the aforementioned embodiment of the identity registration method, for the implementation of the device in this embodiment, reference may be made to the descriptions in the embodiments of the above methods, and repeated descriptions are omitted.
  • the identity registration device includes: a second determination module.
  • the second determination module is configured to determine the first auxiliary data in the registration information of the object to be registered through the privacy-protected image processing method provided in the above embodiment.
  • the identity authentication method 700 provided by the embodiment of the present disclosure.
  • the method in this embodiment can be executed by a terminal device.
  • the device performing the authentication method may be the same as or different from the device performing the registration method.
  • the specific flow of the identity authentication method 700 will be described in detail below.
  • Step 710 acquire the image to be authenticated of the object to be authenticated.
  • the image to be authenticated includes a second biometric feature area, and the second biometric feature area includes a plurality of second feature points.
  • the image to be authenticated can be acquired by using the acquisition method of the image to be processed involved in the above embodiment.
  • Step 720 according to the second biometric area, determine a biometric template to be authenticated in the second biometric area.
  • the biometric template to be authenticated can be understood in a broad sense: it may include the biometric representations corresponding to the multiple second feature points, and may also include intermediate results used to determine the biometric representations corresponding to the multiple second feature points.
  • the biological feature template to be authenticated may include multiple biological feature representations corresponding to the second feature points.
  • the first biometric template is determined according to the first biometric region through the feature extraction steps a-e.
  • the biometric template to be authenticated is determined through steps a-e.
  • the biometric template to be authenticated extracted by the terminal may include biometric representations corresponding to multiple second feature points, and may also include intermediate results for determining the biometric representations corresponding to multiple second feature points , at this time, the server completes determining the biological feature representations corresponding to the multiple second feature points according to the intermediate results and subsequent steps.
  • the first biometric template is determined according to the first biometric region through the feature extraction steps a-e.
  • the terminal device may determine the biometric template to be authenticated through steps a-b, and the server may complete steps c-e, or the terminal device may determine the biometric template to be authenticated through steps a-e.
  • the terminal device can determine the biometric template to be authenticated of the second biometric area according to the second biometric area, through at least the first half of the same feature extraction steps as those used to determine the first biometric template according to the first biometric area.
  • Step 730 acquiring the identity authentication result of the object to be authenticated.
  • the identity authentication result is determined according to the biometric template to be authenticated and the auxiliary data in the bottom database.
  • the base database auxiliary data includes at least one first auxiliary data; the first auxiliary data is determined through the identity registration method 600 .
  • the database for storing registration information can be located in the terminal, or located in the server or obtained by the server.
  • the steps of determining the identity authentication result according to the biometric template to be authenticated and the auxiliary data in the base database are all completed by the terminal; when the database for storing registration information is located in the server or obtained by the server, some steps are completed by the terminal, and some steps are completed by the server.
  • the identity authentication result of the object to be authenticated can be determined in different ways according to the biometric template to be authenticated and the auxiliary data in the base database.
  • authentication can be performed in two ways: non-multi-factor and multi-factor. The various methods are described below:
  • step S730 corresponding to the second (steps S109, S110-S120) or third implementation (steps S129, S130-S150) of step S430 will be described.
  • step S730 includes:
  • the bottom database auxiliary data may be all first auxiliary data in the stored registration information, or the first auxiliary data remaining after preliminary screening. For example, the bottom database auxiliary data is screened out from the full set of first auxiliary data based on limiting factors such as user ID, device ID, registration time, authentication time, authentication location, low-discrimination features extracted from the image to be authenticated, low-discrimination features extracted from the biometric template to be authenticated, and low-discrimination features extracted from the quantized values to be authenticated.
  • the base library auxiliary data may be the first auxiliary data uniquely determined according to user identification, device identification, and the like. It can be understood that if the restriction factors are used for preliminary screening of the auxiliary data, the restriction factors and the first auxiliary data need to be associated and stored, so as to filter out the first auxiliary data meeting the requirements of the restriction factors as the bottom database auxiliary data.
  • the identity authentication result may include authentication success or failure. If the database for storing registration information is located at the terminal, the information for verifying the key to be authenticated (such as the first hash value) is also located at the terminal, and the terminal itself performs verification; if the database for storing registration information is located at the server or obtained by the server, and the server has issued to the terminal the information for verifying the key to be authenticated, the terminal itself performs the verification; if the database for storing registration information is located at the server or obtained by the server, and the server has not sent the terminal the information for verifying the key to be authenticated, the server performs verification (for example, the terminal sends the hash value of the key to be authenticated to the server, and the server uses the hash value of the key to be authenticated to verify).
  • the hash value of the key to be authenticated can be used to verify the key to be authenticated.
  • the first auxiliary data and the first hash value are correspondingly stored in the registration information.
  • S770 may include: determining corresponding hash values to be authenticated according to part or all of the keys to be authenticated, and determining an identity authentication result of the object to be authenticated according to the hash values to be authenticated.
  • the verification result of the key to be authenticated corresponding to the hash value to be authenticated is that verification passed; the first hash value of the bottom database is the first hash value corresponding to the first auxiliary data contained in the bottom database auxiliary data.
  • the terminal judges whether there is a first hash value of the bottom library that matches the hash value to be authenticated; or the terminal sends the hash value to be authenticated to the server, and the server judges whether there is a first hash value of the bottom library that matches the hash value to be authenticated.
  • determining its corresponding hash value to be authenticated according to all keys to be authenticated refers to calculating its hash value for each key to be authenticated; determining its corresponding hash value to be authenticated according to some of the keys to be authenticated means that only the hash values of some of the keys to be authenticated are calculated. For example, preliminary verification is performed on the key to be authenticated to obtain a key to be authenticated that passes the preliminary verification, and a hash value of the key to be authenticated that passes the preliminary verification is calculated.
  • step S730 includes:
  • the second transformation key is determined according to the user password received in the authentication stage, for example, directly using the user password in the authentication stage as the second transformation key or generating the second transformation key according to the received user password.
  • Generating the second transformation key according to the user password means, for example, performing one or more of format conversion, digit padding, and verification information addition on the user password. It can be understood that the manner of determining the second transformation key from the user password in the authentication phase is the same as the manner of determining the first transformation key from the user password in the registration phase.
  • the key corresponding to the first auxiliary data and the first transformation key can be used as the variables of the ninth transformation process
  • the key to be authenticated and the second transformation key can be used as the variables of the ninth transformation process.
  • That is to say, the variables of the ninth transformation process in the registration phase and the authentication phase are different, but the parameters are the same.
  • the multi-factor key to be authenticated can be determined from each key to be authenticated, from the subset of keys to be authenticated that pass preliminary verification, or from the key to be authenticated that has passed verification (in this case, the key to be authenticated must be verified before the multi-factor key to be authenticated is determined, and the registration information includes information such as the first hash value used to verify the key to be authenticated).
  • S790 Verify the multi-factor key to be authenticated, and determine an identity authentication result of the object to be authenticated. For the description of this step, refer to S770.
  • the hash value of the multi-factor key to be authenticated can be used to verify the multi-factor key to be authenticated.
  • the first auxiliary data and the second hash value are correspondingly stored in the registration information.
  • S790 may include: determining a corresponding multi-factor hash value to be authenticated according to part or all of the multi-factor key to be authenticated, and determining an identity authentication result of the object to be authenticated according to the multi-factor hash value to be authenticated.
  • if the second hash values of the bottom library include one that matches the multi-factor hash value to be authenticated, the verification result of the multi-factor key to be authenticated corresponding to that multi-factor hash value is that verification passed;
  • the second hash value of the bottom library is the second hash value corresponding to the first auxiliary data contained in the bottom library auxiliary data; the second hash value is included in the registration information.
  • the step of judging whether there is a matching second hash value of the bottom database can be performed by the terminal or the server.
  • determining the corresponding multi-factor hash value to be authenticated according to all multi-factor keys to be authenticated means calculating the hash value of each multi-factor key to be authenticated; determining the corresponding multi-factor hash value to be authenticated according to part of the multi-factor keys to be authenticated means that only the hash values of some of the multi-factor keys to be authenticated are calculated. For example, a preliminary verification is performed on the multi-factor keys to be authenticated to obtain those that pass the preliminary verification, and the hash value of each multi-factor key to be authenticated that passes the preliminary verification is calculated.
  • step S730 includes:
  • S800 Send the biometric template to be authenticated or the quantized value to be authenticated to the server through a secure channel, wherein the quantized value to be authenticated is obtained by quantizing the biometric template to be authenticated; if the biometric template to be authenticated is sent to the server, the server performs quantization according to the biometric template to be authenticated to obtain the quantized value to be authenticated.
  • the identity authentication result may include authentication success or failure.
  • S750 (not executed when the terminal sends the quantized value to be authenticated to the server through the secure channel), S760 and S770 are executed; for the multi-factor scheme, after the server receives the biometric template to be authenticated or the quantized value to be authenticated sent by the terminal, S750 (not executed when the terminal sends the quantized value to be authenticated to the server through the secure channel), S760, S780 and S790 are executed.
  • establishing a secure channel between the terminal and the server may be establishing a secure channel between the TEE of the terminal device and the TEE of the server.
  • determining the identity authentication result of the object to be authenticated from the biometric template to be authenticated or the quantized value to be authenticated and the base database auxiliary data is usually faster on the server than on the terminal device.
  • the biometric template to be authenticated or the quantitative value to be authenticated needs to be transmitted.
  • the authentication method 700 further includes: acquiring a user ID corresponding to the matching hash value; wherein, when the key to be authenticated is verified and the identity authentication result of the object to be authenticated is determined, the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated whose verification result is passed; or, when the multi-factor key to be authenticated is verified and the identity authentication result of the object to be authenticated is determined, the matching hash value is the multi-factor hash value to be authenticated corresponding to the multi-factor key to be authenticated whose verification result is passed.
  • the terminal may determine the matching hash value and determine the user ID according to it; the server may determine the matching hash value and determine the user ID according to it, with the terminal receiving the user ID; or the terminal may determine the matching hash value, the server determines the user ID according to the matching hash value, and the terminal receives the user ID.
  • the user ID of the object to be registered is associated with the first hash value or the second hash value corresponding to the object to be registered, and the user ID can be determined according to the matching hash value by querying the second data table.
  • Steps S750 and S760 executed by the terminal or the server will be specifically described below.
  • the biometric template to be authenticated in S720 includes a plurality of biometric representations corresponding to the second feature points; correspondingly, S750 is analogous to the step of performing quantification according to the first biometric template in step S430 to obtain a quantified value.
  • the biometric representation in the registration stage contains precise descriptors
  • the authentication stage also needs to determine the precise descriptors to be authenticated in the same manner.
  • the precise descriptor to be authenticated needs to be correspondingly used in the same manner in step S750.
  • the precise descriptor is used in S1091 and/or S1092 in step S430, the precise descriptor to be authenticated is used in S7501 and/or S7502 in step S750.
  • Step S7501 quantifying according to the biometric template to be authenticated includes: quantifying the biometric data and the precise descriptor included in the biometric template to be authenticated in the same manner as S1091.
  • Step S7502, obtaining the quantized value to be authenticated, includes: performing the third transformation process on the quantization result of step S7501, in the same way as step S1092, to obtain the quantized value to be authenticated; the third transformation process is determined according to the precise descriptor to be authenticated; the third transformation process is a reversible or irreversible transformation;
  • the quantization value X ⁇ d (T), where T is the quantization result obtained in step S7501, and ⁇ d is the third transformation process determined according to the accurate descriptor to be authenticated.
  • the quantization result obtained in S1091 is T(t1, t2,...tn)
  • the precise descriptor corresponding to the feature point corresponding to each quantization result is D(d1, d2,...dn)
  • the decoding operation corresponding to the encoding operation includes an error correction code decoding operation.
  • the decoding operation of the error correction code needs to correspond to the encoding operation of the error correction code during encoding, which may be BCH decoding or RS decoding.
  • an error correction code codeword is used in step S430, so from a quantized value to be authenticated that is close enough to the quantized value corresponding to the first biometric template, together with the first auxiliary data, error correction code decoding can recover the error correction code codeword determined in step S430, and the key corresponding to the first auxiliary data is then obtained by decoding according to that codeword; or, from a quantized value to be authenticated that is close enough to the quantized value corresponding to the first biometric template, together with the first auxiliary data, error correction code decoding recovers the error correction code codeword determined in step S430, the quantized value corresponding to the first biometric template is then determined according to the codeword, and the key corresponding to the first auxiliary data is then obtained according to that quantized value.
  • the key to be authenticated determined with the first auxiliary data is equal to the key corresponding to the first auxiliary data.
  • if the first auxiliary data is not the first auxiliary data included in the registration information determined by the object to be authenticated at the registration stage, then either the key to be authenticated cannot be determined according to the quantized value to be authenticated and the first auxiliary data, or the determined key to be authenticated is inconsistent with the key corresponding to the first auxiliary data. It can be understood that the failure to determine the key to be authenticated means that the key to be authenticated cannot be determined within polynomial time.
  • the following example illustrates how to perform the decoding operation corresponding to the encoding operation.
  • step S760 can be implemented as,
  • the query point set includes a plurality of query points; the first coordinate component of the query point is determined according to the quantitative value to be authenticated.
  • each first auxiliary data in the at least one first auxiliary data can be used as the current first auxiliary data in turn, or the at least one first auxiliary data can be filtered, and each first auxiliary data remaining after filtering is used in turn as the current first auxiliary data.
  • the first coordinate component of the query point is the quantized value to be authenticated; for example, for the quantized value to be authenticated X'(x1',x2',..xn'), the first coordinate components of the query points in the query point set are x1', x2',...xn' respectively.
  • the first coordinate component of the query point is obtained by applying, to the quantized value to be authenticated, the inverse transformation of the first transformation component of the fourth transformation process. It can be expressed as ⁇ d x-1 (X'), where ⁇ d x represents the first transformation component used to obtain the first coordinate component of the first auxiliary point in the fourth transformation process. It can be understood that the precise descriptor to be authenticated is used in the inverse transformation.
  • if the points in the first auxiliary point set are obtained directly from the first points, a decoding algorithm is used to restore the key to be authenticated corresponding to the current auxiliary data according to the query point set.
  • if the points in the first auxiliary point set are obtained by performing the fourth transformation process on the first points, the query curve point set is obtained according to the query point set (the inverse transformation of the second transformation component of the fourth transformation process is performed on the second coordinate component of each query point in the query point set, wherein the inverse transformation uses the precise descriptor to be authenticated), and the decoding algorithm is then used to restore the key to be authenticated corresponding to the current auxiliary data.
  • the decoding algorithm is, for example, an algorithm that restores polynomials using Lagrange interpolation.
  • the key to be authenticated corresponding to the current auxiliary data is consistent with the key corresponding to the first auxiliary data.
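The decode-then-verify flow of S760 and S770 described above (query points built from the quantized value to be authenticated, polynomial recovery by Lagrange interpolation, comparison of the hash value to be authenticated with the first hash values of the bottom library), as an added Python example that is not code from the patent. It assumes a fuzzy-vault-style layout in which each first auxiliary data is a map of genuine and chaff points over a small prime field; the field, the chaff points, SHA-256, and every name and sample value are assumptions.

```python
import hashlib
import hmac
from itertools import combinations

P = 2**31 - 1   # prime modulus of the toy field (assumption)
K = 3           # key = K polynomial coefficients, so K correct points decode it


def poly_eval(coeffs, x):
    """Evaluate the key polynomial at x (coeffs[0] is the constant term)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def lagrange_coeffs(points):
    """Coefficients of the unique polynomial of degree < len(points) through points."""
    result = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1          # basis = prod_{j != i} (x - xj)
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)
            for d, b in enumerate(basis):
                nxt[d] = (nxt[d] - b * xj) % P
                nxt[d + 1] = (nxt[d + 1] + b) % P
            basis = nxt
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d, b in enumerate(basis):
            result[d] = (result[d] + b * scale) % P
    return result


def key_hash(coeffs):
    """Hash stored at registration and recomputed at authentication."""
    return hashlib.sha256(b"".join(c.to_bytes(4, "big") for c in coeffs)).hexdigest()


def register(key, quantized, chaff):
    """Return (first auxiliary data, first hash value) for one enrolled object."""
    aux = {x: poly_eval(key, x) for x in quantized}   # genuine points on the curve
    aux.update(chaff)                                  # constructed off-curve points
    return aux, key_hash(key)


def recover_key(aux, quantized_to_auth, first_hash):
    """One record: interpolate candidate keys, keep the one whose hash matches."""
    query = [(x, aux[x]) for x in sorted(set(quantized_to_auth)) if x in aux]
    for subset in combinations(query, K):
        candidate = lagrange_coeffs(list(subset))
        if hmac.compare_digest(key_hash(candidate), first_hash):
            return candidate
    return None   # fewer than K genuine points matched, or wrong record


def authenticate(bottom_library, quantized_to_auth):
    """Try each record of the bottom library in turn; return the matching user ID."""
    for user_id, (aux, first_hash) in bottom_library.items():
        if recover_key(aux, quantized_to_auth, first_hash) is not None:
            return user_id
    return None


# Constructed sample data (not from the patent).
ALICE_KEY = [1234567, 89, 4242]
BOB_KEY = [42, 4711, 99]
LIBRARY = {
    "alice": register(ALICE_KEY, [11, 23, 35, 47, 59], {17: 5, 29: 77, 41: 123456, 53: 9}),
    "bob": register(BOB_KEY, [14, 26, 38, 50, 62], {19: 8, 31: 1000, 43: 3, 55: 2024}),
}
GENUINE_PROBE = [11, 23, 36, 47, 53]    # 3 genuine values, 1 miss, 1 chaff hit
IMPOSTOR_PROBE = [12, 29, 41, 53, 60]   # only chaff hits in alice's record

if __name__ == "__main__":
    print(authenticate(LIBRARY, GENUINE_PROBE))    # alice
    print(authenticate(LIBRARY, IMPOSTOR_PROBE))   # None
```

Because a probe can hit chaff points or miss genuine ones, the decoder interpolates every K-subset of query points and relies on the stored hash to reject wrong candidates, which is why several keys to be authenticated may be produced and only some of them hashed and verified.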
  • step S760 can be implemented as,
  • the query point set includes multiple query points; the first coordinate component of the query point is determined according to the quantized value to be authenticated, and the second coordinate component of the query point and the first coordinate component of the query point satisfy the mapping relationship corresponding to the current first auxiliary data;
  • each first auxiliary data in the at least one first auxiliary data can be used as the current first auxiliary data in turn, or the at least one first auxiliary data can be filtered, and each first auxiliary data remaining after filtering is used in turn as the current first auxiliary data.
  • the first coordinate component of the query point is the quantized value to be authenticated; for example, for the quantized value to be authenticated X'(x1',x2',..xn'), the first coordinate components of the query points in the query point set are x1', x2',...xn' respectively.
  • the current first auxiliary data records the parameter values of the first algebraic curve, and the second coordinate component of the query point can be determined according to the first coordinate component of the query point.
  • the first coordinate component of the query point is obtained by performing an inverse transformation of ⁇ d x on the quantized value to be authenticated. It can be expressed as ⁇ d x-1 (X'), where ⁇ d x is the ⁇ d x used when determining the first mapping relationship in Embodiment 2.2. It can be understood that the precise descriptor to be authenticated is used in the inverse transformation.
  • the decoding algorithm is, for example, an algorithm that restores polynomials using Lagrange interpolation.
  • the key to be authenticated corresponding to the current auxiliary data is consistent with the key corresponding to the first auxiliary data.
  • the error correction code codeword is first determined according to the auxiliary data through error correction code decoding (RS decoding), and then the key to be authenticated is determined according to the error correction code codeword by using Lagrange interpolation.
  • step S760 may be implemented as,
  • the permutation operation in step S7605 is in the same form as the permutation operation in step S1205: the permutation operation in step S1205 is determined according to the biological vector corresponding to the quantized value, and the permutation operation in step S7605 is determined according to the biological vector to be authenticated corresponding to the quantized value to be authenticated. It can be understood that, in actual execution, the step of determining the permutation operation in step S7605 according to the biological vector to be authenticated may be omitted, and the inverse operation of the permutation operation can be determined directly.
  • step S1205 includes S1205b, preprocessing is performed on the current first auxiliary data, and the preprocessing includes the inverse operation ⁇ d -1 (H) or ⁇ d -1 (X' , H). It can be understood that the exact descriptor to be authenticated is used in the inverse operation.
  • step S760 may be implemented as,
  • step S7607 is the same as S7605. It can be understood that the permutation operation in step S7607 is in the same form as the permutation operation in step S1401: the permutation operation in step S1401 is determined according to the biological vector corresponding to the quantized value, and the permutation operation in step S7607 is determined according to the biological vector to be authenticated corresponding to the quantized value to be authenticated. It can be understood that, in actual execution, the step of determining the permutation operation in step S7607 according to the biological vector to be authenticated may be omitted, and the inverse operation of the permutation operation can be determined directly.
  • the preprocessing includes performing, on the current first auxiliary data, the inverse operation ⁇ d -1 (H) or ⁇ d -1 (X',H) of the sixth transformation processing.
  • the key to be authenticated corresponding to the current first auxiliary data is generated according to the quantized value and the random quantity parsed from the current first auxiliary data.
  • step S760 may be implemented as,
  • each first auxiliary data in the at least one first auxiliary data can be used as the current first auxiliary data in turn, or the at least one first auxiliary data can be filtered, and each first auxiliary data remaining after filtering is used in turn as the current first auxiliary data.
  • the preprocessing includes performing, on the current first auxiliary data, the inverse operation ⁇ d -1 (H) or ⁇ d -1 (X',H) of the sixth transformation process. It can be understood that the precise descriptor to be authenticated is used in the inverse operation.
  • the key to be authenticated corresponding to the current first auxiliary data is generated according to the quantized value and the random quantity parsed from the current first auxiliary data.
  • step S730 corresponding to the first implementation manner in step S430 will be described below.
  • step S730 includes:
  • the authentication key is input by the object to be authenticated at the authentication stage or determined according to the input of the object to be authenticated at the authentication stage.
  • the authentication key is generated by performing one or more processes of format conversion, digit padding, and verification information addition on the input of the object to be authenticated. It can be understood that the authentication key is obtained through the same process as the key corresponding to the first auxiliary data in the first implementation manner of the registration phase.
  • the encoding operation is the feature conversion in the same form as in step S100, except that the feature conversion in this embodiment is determined according to the authentication key.
  • F is the feature conversion function
  • k is the key corresponding to the first auxiliary data
  • k' is the authentication key obtained in the authentication stage
  • X and X' are the biometric templates in the registration stage and the authentication stage, respectively
  • H and H' are the auxiliary data in the registration phase and the authentication phase, respectively
  • the auxiliary data in the authentication phase are the auxiliary data to be authenticated.
  • if the auxiliary data to be authenticated and the bottom database auxiliary data are both held by the same entity, they can be compared on that entity to obtain a comparison result. Otherwise, the auxiliary data to be authenticated or the bottom database auxiliary data must first be sent so that both are on the same entity, and they are then compared on that entity to obtain the comparison result.
  • the auxiliary data to be authenticated is generated by the terminal, and the auxiliary data of the base database is located in the server.
  • the terminal can send the auxiliary data to be authenticated to the server for comparison; or the server can send the auxiliary data of the base library to the terminal for comparison.
  • the identity authentication result of the object to be authenticated can be determined according to the comparison result of the auxiliary data to be authenticated and the auxiliary data in the bottom database.
  • S700 also includes:
  • determining the second index feature according to the second biometric area; the second index feature and the first index feature are extracted by the same feature extraction method; the bottom library auxiliary data is the first auxiliary data corresponding to a first index feature that satisfies the distance condition with the second index feature.
  • the second index feature can be extracted in the authentication stage and used to screen out, as the bottom database auxiliary data, the first auxiliary data whose corresponding first index feature satisfies the distance condition with the second index feature.
  • the distance condition is, for example, that the distance is less than a distance threshold and/or that the distance is among the N smallest.
  • the step of screening the auxiliary data of the bottom library can be performed on the terminal or the server. If it is performed on the server, the terminal may send the second index feature of the object to be authenticated to the server, and the server will perform screening.
  • the distance condition corresponding to the first index feature is determined according to the noise information corresponding to the first index feature in the registration information.
  • the first index feature in the registration information may be the first index feature with noise added, and at this time, the distance condition may be determined according to the degree of noise addition.
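The screening step described above, as an added Python example that is not code from the patent: it combines the distance threshold with the top-N cut and widens the threshold per record according to the noise stored with the first index feature. The Euclidean distance, the rule of adding two noise standard deviations scaled by the square root of the dimension, and all field names and sample values are assumptions.

```python
import math


def distance(a, b):
    """Euclidean distance between two index features of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def screen(records, second_index, base_threshold, top_n, noise_aware=True):
    """Return user IDs kept as bottom-library candidates, nearest first."""
    kept = []
    for rec in records:
        d = distance(rec["first_index"], second_index)
        limit = base_threshold
        if noise_aware:
            # Assumption: a record stored with more noise gets a wider radius,
            # otherwise the genuine record can be dropped before decoding starts.
            limit += 2.0 * rec["noise_sigma"] * math.sqrt(len(second_index))
        if d < limit:
            kept.append((d, rec["user_id"]))
    kept.sort()                      # distance threshold first, then the N nearest
    return [uid for _, uid in kept[:top_n]]


# Constructed registration records (not from the patent).
RECORDS = [
    {"user_id": "u1", "first_index": (0.10, 0.20, 0.30), "noise_sigma": 0.0},
    {"user_id": "u2", "first_index": (0.50, 0.20, 0.30), "noise_sigma": 0.2},
    {"user_id": "u3", "first_index": (0.90, 0.90, 0.90), "noise_sigma": 0.0},
    {"user_id": "u4", "first_index": (0.14, 0.22, 0.28), "noise_sigma": 0.05},
]
PROBE = (0.11, 0.21, 0.29)           # second index feature of the object to be authenticated

if __name__ == "__main__":
    print(screen(RECORDS, PROBE, 0.1, 5, noise_aware=False))  # ['u1', 'u4']
    print(screen(RECORDS, PROBE, 0.1, 5))                     # ['u1', 'u4', 'u2']
    print(screen(RECORDS, PROBE, 0.1, 2))                     # ['u1', 'u4']
```

Record u2 survives only when the threshold accounts for its stored noise level, and the top-N cut can still remove it, so the two parts of the distance condition interact and need to be tuned together against the false-reject rate.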
  • the embodiment of the present disclosure also provides an identity authentication device corresponding to the identity authentication method. Since the problem-solving principle of the device in the embodiment of the present disclosure is similar to that of the aforementioned embodiment of the identity authentication method, for the implementation of the device, reference may be made to the descriptions in the embodiments of the above methods, and repeated descriptions are omitted.
  • An embodiment of the present disclosure provides a functional module of an identity authentication device.
  • Each module in the identity authentication device in this embodiment is used to execute each step in the above method embodiment.
  • the identity authentication device includes: a second acquisition module, a third determination module, and a third acquisition module; wherein,
  • the second acquisition module is configured to acquire an image to be authenticated of the object to be authenticated, the image to be authenticated includes a second biometric feature area, and the second biometric feature area includes a plurality of second feature points;
  • the third determining module is used to determine the biometric template to be authenticated in the second biometric region according to the second biometric region;
  • the third acquisition module is used to acquire the identity authentication result of the object to be authenticated, and the identity authentication result is determined according to the biometric template to be authenticated and the auxiliary data in the base database.
  • the base database auxiliary data includes at least one first auxiliary data; the first auxiliary data is included in the registration information, and the registration information is determined through the identity registration method provided in the fourth embodiment.
  • the embodiment of the present disclosure also provides an identity registration method.
  • the method in this embodiment is similar to the identity registration method provided in Embodiment 4, the difference is that the method provided in Embodiment 4 is based on the identity registration method provided by the terminal device side, and this embodiment is based on the identity registration method provided by the server side.
  • The specific flow of the identity registration method of this embodiment will be described in detail below.
  • the above registration information may be determined through the identity registration method provided in Embodiment 4. Store registration information in the database.
  • the registration information includes first auxiliary data.
  • the registration information can also include a hash value, hash parameter, check value, first index feature, noise information added to the first index feature, restriction factor, user identification, etc., and the registration information can include the first data table and the second data table; see the description of Embodiment 4 for related descriptions, and details are not repeated here.
  • this embodiment also includes the following steps:
  • the server can also add data records for obfuscation to the database. If the registration information includes the first auxiliary data, S850 is executed, and if the registration information includes the first index feature and the first auxiliary data, S860 is executed.
  • the simulation auxiliary data is generated by one of the following methods:
  • the simulation image includes a simulated biometric region, determining a simulated biometric template for the simulated characteristic region according to the simulated biometric region, and determining simulation auxiliary data according to the simulated biometric template;
  • Mode b generating a simulated biometric template, and determining simulation auxiliary data according to the simulated biometric template
  • Mode c directly generate simulation auxiliary data.
  • a Generative Adversarial Network can be used to generate a simulated image or a simulated biometric template; the generative adversarial networks that can be used include GAN, StyleGAN, StyleGAN2, WGAN (Wasserstein GAN), WGAN-GP (Wasserstein GAN with gradient penalty) and Auxiliary Classifier Generative Adversarial Network (AC-GAN), etc.
  • method c can be adopted. For example, it can be randomly generated.
  • the simulation auxiliary data is used for decoding in the authentication stage or comparison of auxiliary data. Even if it is randomly generated, it will not affect its function as a confusing record.
  • Simulation index features can be generated by way d and way e.
  • Mode d directly generate simulation index features.
  • a Generative Adversarial Network GAN
  • Mode e performing feature extraction on the simulated biometric feature area of the simulated image to obtain simulated index features.
  • an identity registration device corresponding to the identity registration method is also provided in the embodiment of the present disclosure. Since the problem-solving principle of the device in the embodiment of the present disclosure is similar to that of the aforementioned embodiment of the identity registration method, for the implementation of the device, reference may be made to the descriptions in the embodiments of the above methods, and repeated descriptions are omitted.
  • An embodiment of the present disclosure provides a functional module of an identity registration device.
  • Each module in the identity registration device in this embodiment is used to execute each step in the above method embodiment.
  • the identity registration device includes: a receiving module and a second storage module; wherein,
  • the receiving module is used to receive the registration information sent by the terminal device, the registration information is determined by the above identity registration method; the second storage module is used to store the registration information in the database, the registration information includes the first auxiliary data.
  • the embodiment of the present disclosure also provides an identity authentication method.
  • the identity authentication method provided in this embodiment is similar to the identity authentication method provided in Embodiment 6; the difference is that the identity authentication method provided in Embodiment 6 is an identity authentication method based on the terminal device, while the identity authentication method provided in this embodiment is a server-based authentication method. The specific flow of the identity authentication method in this embodiment will be described in detail below.
  • Step 910 receiving an authentication request sent by the terminal device.
  • Step 920 according to the authentication request, determine the bottom library auxiliary data from the registration information.
  • the base library auxiliary data includes at least one first auxiliary data.
  • the step of determining base library auxiliary data from the registration information is usually performed by the server.
  • the bottom database auxiliary data may be all first auxiliary data in the stored registration information, or the first auxiliary data remaining after preliminary screening. For example, the bottom library auxiliary data is screened out from the full set of first auxiliary data based on restricting factors such as user ID, device ID, registration time, authentication time, authentication location, low-discrimination features extracted from the image to be authenticated, low-discrimination features extracted from the biometric template to be authenticated, and low-discrimination features in the quantized value to be authenticated.
  • the base library auxiliary data may be the first auxiliary data uniquely determined according to user identification, device identification, and the like. It can be understood that the information used to determine the base library auxiliary data from the registration information can be sent by the terminal device to the server, and it can be included in the authentication request, or can be sent independently of the authentication request.
  • the above-mentioned registration information is the registration information stored in the database through the above-mentioned identity registration method.
  • The identity authentication method provided in this embodiment may authenticate the biometric template to be authenticated based on the determined base library auxiliary data. Specifically, the authentication can be performed on the server, or the base library auxiliary data can be sent to the terminal device, and the authentication is then performed by the terminal device alone or by the terminal device and the server in cooperation.
  • step S109, S110-S120 or third implementation step S129, S130-S150
  • The steps of quantizing, decoding, verifying the key, and determining the user identification can be executed on the terminal or the server.
  • If the terminal sends a biometric template instead of a quantized value, the server performs quantization.
  • If the base library auxiliary data is stored in the terminal or sent to the terminal by the server, it is decoded by the terminal; otherwise it is decoded by the server.
  • If the hash value, hash parameters, and verification values required for verifying the key are located on the server, the verification is performed by the server; otherwise, the verification of the corresponding steps is performed by the terminal.
  • the server will determine the user ID. For specific steps, refer to the description of Embodiment 6, and details are not repeated here.
  • the steps of determining the auxiliary data to be authenticated and comparing the auxiliary data to be authenticated with the auxiliary data in the bottom database can be executed by the terminal or the server.
  • the auxiliary data to be authenticated is determined by the terminal in consideration of security issues. If determined by the server, the terminal needs to send the biometric template to be authenticated and the authentication key to the server, and the server will perform encoding operations to obtain auxiliary data to be authenticated. For specific steps, refer to the description of Embodiment 6, and details are not repeated here.
  • the embodiment of the present disclosure provides a specific registration method, including:
  • the terminal device obtains an image to be processed of an object to be registered, where the image to be processed includes a first biometric feature area, and the first biometric feature area includes a plurality of first feature points;
  • the terminal device determines a first biometric template of the first biometric region according to the first biometric region, where the first biometric template includes biometric representations corresponding to a plurality of first characteristic points;
  • the terminal device converts the format of the user input and adds redundant bits as verification information to generate a key corresponding to the first auxiliary data;
  • the terminal device performs an encoding operation according to the first biometric template and a key corresponding to the first auxiliary data to obtain the first auxiliary data; wherein, the encoding operation includes irreversible transformation;
  • the terminal device determines a first hash parameter, and performs a hash operation according to the key corresponding to the first auxiliary data and the first hash parameter, to obtain a first hash value;
  • the terminal device obtains at least one of the performance information of the terminal device, the network information between the terminal device and the server, and the expected security level;
  • the terminal device determines the noise information according to at least one of the performance information of the terminal device, the network information between the terminal device and the server, and the expected security level;
  • the terminal device performs feature extraction on the first biometric feature area to obtain a first index feature, and adds noise data of the noise intensity contained in the noise information to the first index feature to obtain the noise-added first index feature; the distinctiveness of the first index feature is lower than that of the first biometric template;
  • the terminal device sends the noise-added first index feature, first auxiliary data, first hash parameter, and first hash value to the server;
  • the terminal device sends the noise information and the user identification specified by the user to the server;
  • the server receives the noise-added first index feature, first auxiliary data, first hash parameter, first hash value, noise information, and user identifier;
  • the server associates and stores the noise-added first index feature, first auxiliary data, first hash parameter, and noise information;
  • the server associates and stores the user identifier and the first hash value.
  • the embodiment of the present disclosure provides a specific identity authentication method, including:
  • the terminal device acquires an image to be authenticated of an object to be authenticated, where the image to be authenticated includes a second biometric feature area, and the second biometric feature area includes a plurality of second feature points;
  • the terminal device determines a second index feature according to the second biometric area; the second index feature and the first index feature are extracted by the same feature extraction method;
  • the terminal device determines a biometric template to be authenticated in the second biometric region according to the second biometric region;
  • the terminal device sends the second index feature to the server
  • the terminal device sends the biometric template to be authenticated to the server through a secure channel
  • the server searches the database for a plurality of first index features whose distance from the second index feature satisfies the distance condition according to the second index feature;
  • the server queries the database for a plurality of first auxiliary data corresponding to a plurality of first index features one-to-one, and obtains the bottom database auxiliary data;
  • the server performs a decoding operation according to the biometric template to be authenticated and the auxiliary data of the bottom database, and obtains at least one key to be authenticated;
  • the server performs preliminary verification on at least one key to be authenticated, and obtains a key to be authenticated that passes the preliminary verification;
  • the server determines the hash value to be authenticated corresponding to the key to be authenticated that passes the preliminary verification according to the first hash parameter corresponding to the first auxiliary data corresponding to the key to be authenticated that passes the preliminary verification;
  • the server compares each hash value to be authenticated with the first hash value of the bottom library, and determines the first hash value of the bottom library that matches the hash value to be authenticated; if a hash value to be authenticated matches a first hash value of the bottom library, the key to be authenticated corresponding to that hash value is verified as passing;
  • the server determines the user identifier corresponding to the matching hash value according to the matching hash value, and the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated that passes the verification;
  • the server sends an identity authentication result to the terminal device through a secure channel, and the identity authentication result includes authentication success, the key to be authenticated that passes the verification, and the user ID;
  • the terminal device receives an identity authentication result.
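The registration steps and the server-side authentication steps above, as an added Python example (not code from the patent). It assumes a binary quantized template and substitutes a toy fuzzy-commitment encoding (repetition code XOR template) for the patent's encoding operation, so it does not implement the irreversible transformation; index-feature screening is omitted, PBKDF2 with a salt stands in for the hash operation and first hash parameter, and all names and sample templates are constructed.

```python
import hashlib
import hmac
import os
import random

REP = 5           # repetition factor of the toy error-correcting code (assumption)
KEY_BYTES = 16    # length of the user-supplied secret (assumption)
CHECK_BYTES = 1   # redundant bytes appended as verification information
ROUNDS = 10_000   # PBKDF2 rounds; with the salt, plays the "first hash parameter"
N_BITS = (KEY_BYTES + CHECK_BYTES) * 8 * REP  # quantized template length

def to_bits(data: bytes) -> list[int]:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits: list[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def make_key(user_input: bytes) -> bytes:
    """Key = formatted user input plus redundant check bytes."""
    return user_input + hashlib.sha256(user_input).digest()[:CHECK_BYTES]

def preliminary_check(candidate: bytes) -> bool:
    """Cheap filter: do the redundant bytes match the rest of the candidate?"""
    body, check = candidate[:-CHECK_BYTES], candidate[-CHECK_BYTES:]
    return hashlib.sha256(body).digest()[:CHECK_BYTES] == check

def encode(template: list[int], key: bytes) -> list[int]:
    """Auxiliary data = repetition-coded key XOR quantized template (stand-in)."""
    codeword = [bit for bit in to_bits(key) for _ in range(REP)]
    if len(codeword) != len(template):
        raise ValueError("template length must equal codeword length")
    return [c ^ t for c, t in zip(codeword, template)]

def decode(template: list[int], aux: list[int]) -> bytes:
    """Recover a candidate key by majority vote over each repetition group."""
    noisy = [a ^ t for a, t in zip(aux, template)]
    return from_bits([int(sum(noisy[i:i + REP]) > REP // 2)
                      for i in range(0, len(noisy), REP)])

def key_hash(key: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", key, salt, ROUNDS)

class Server:
    def __init__(self) -> None:
        self.records = []  # (first auxiliary data, first hash parameter)
        self.users = {}    # first hash value -> user identifier

    def register(self, aux, salt, hash_value, user_id) -> None:
        self.records.append((aux, salt))
        self.users[hash_value] = user_id

    def authenticate(self, probe: list[int]):
        """Return (user_id, verified key) or None, trying every stored entry."""
        for aux, salt in self.records:
            candidate = decode(probe, aux)
            if not preliminary_check(candidate):
                continue  # wrong template: skip the expensive hash
            digest = key_hash(candidate, salt)
            for stored, user_id in self.users.items():
                if hmac.compare_digest(digest, stored):
                    return user_id, candidate
        return None

def enroll(server: Server, template: list[int], user_input: bytes, user_id: str) -> bytes:
    """Terminal side of registration; only aux, salt and hash leave the device."""
    key = make_key(user_input)
    salt = os.urandom(16)
    server.register(encode(template, key), salt, key_hash(key, salt), user_id)
    return key

def constructed_template(seed: int) -> list[int]:
    rng = random.Random(seed)  # constructed sample data, not real biometrics
    return [rng.getrandbits(1) for _ in range(N_BITS)]

def with_noise(template: list[int], flips_per_group: int) -> list[int]:
    """Simulate a fresh capture: flip the first bits of every repetition group."""
    return [bit ^ (i % REP < flips_per_group) for i, bit in enumerate(template)]

def demo():
    server = Server()
    alice, bob = constructed_template(1), constructed_template(2)
    alice_key = enroll(server, alice, b"A" * KEY_BYTES, "alice")
    enroll(server, bob, b"B" * KEY_BYTES, "bob")
    genuine = server.authenticate(with_noise(alice, 2))    # within tolerance
    too_noisy = server.authenticate(with_noise(alice, 3))  # beyond tolerance
    impostor = server.authenticate(constructed_template(3))
    return alice_key, genuine, too_noisy, impostor

if __name__ == "__main__":
    print(demo())
```

The one-byte check only filters candidates before the costly hash; acceptance always depends on the salted hash matching a stored first hash value.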
  • S500-S503, S505-S506, also include,
  • the server sends the bottom library auxiliary data and the first hash parameter corresponding to the first auxiliary data included in the bottom library auxiliary data to the terminal device;
  • the terminal device performs a decoding operation according to the biometric template to be authenticated and the received bottom database auxiliary data, to obtain at least one key to be authenticated;
  • the terminal device performs preliminary verification on at least one key to be authenticated, and obtains a key to be authenticated that passes the preliminary verification;
  • the terminal device determines the hash value to be authenticated corresponding to the key to be authenticated that passes the preliminary verification according to the first hash parameter corresponding to the first auxiliary data corresponding to the key to be authenticated that passes the preliminary verification;
  • the terminal device sends the hash value to be authenticated to the server
  • the server compares each received hash value to be authenticated with the first hash value of the bottom library, and determines the first hash value of the bottom library that matches the hash value to be authenticated; if, for a hash value to be authenticated, there is a matching first hash value of the bottom library, then the key to be authenticated corresponding to the hash value to be authenticated is verified as passing;
  • the server determines the user identifier corresponding to the matching hash value according to the matching hash value, and the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated that passes the verification;
  • the server sends an identity authentication result to the terminal device, where the identity authentication result includes authentication success, matching hash value, and user identifier;
  • the terminal device receives the identity authentication result, and determines the key to be authenticated that passes the verification according to the matching hash value in the identity authentication result.
  • the embodiment of the present disclosure provides another specific identity authentication method, including:
  • S500-S503, S505-S506, also include,
  • the server sends the bottom library auxiliary data and the second hash parameter corresponding to the first auxiliary data included in the bottom library auxiliary data to the terminal device;
  • the terminal device performs a decoding operation according to the biometric template to be authenticated and the received bottom database auxiliary data, to obtain at least one key to be authenticated;
  • the terminal device performs preliminary verification on at least one key to be authenticated, and obtains a key to be authenticated that passes the preliminary verification;
  • the terminal device generates a multi-factor key to be authenticated according to the key to be authenticated and the second transformation key that have passed the preliminary verification; the second transformation key is determined according to the user password input by the object to be authenticated;
  • the terminal device performs preliminary verification on the multi-factor key to be authenticated, and obtains the multi-factor key to be authenticated that passes the preliminary verification;
  • the terminal determines the multi-factor hash value to be authenticated corresponding to the key to be authenticated that passes the preliminary verification according to the second hash parameter corresponding to the first auxiliary data corresponding to the multi-factor key to be authenticated that passes the preliminary verification;
  • the terminal device sends the multi-factor hash value to be authenticated to the server;
  • the server compares each received multi-factor hash value to be authenticated with the second hash value of the bottom library, and determines the second hash value of the bottom library that matches the multi-factor hash value to be authenticated; if, for a multi-factor hash value to be authenticated, there is a second hash value matching it, the multi-factor key to be authenticated corresponding to the multi-factor hash value to be authenticated has passed the verification;
  • the server determines the user identifier corresponding to the matching hash value according to the matching hash value, and the matching hash value is the multi-factor hash value to be authenticated corresponding to the multi-factor key to be authenticated that passes the verification;
  • the server sends an identity authentication result to the terminal device, where the identity authentication result includes authentication success, matching hash value, and user identifier;
  • the terminal device receives the identity authentication result, and determines the multi-factor key to be authenticated that passes the verification according to the matching hash value in the identity authentication result.
  • the embodiment of the present disclosure also provides another specific identity authentication method, including:
  • the server sends the first hash value of the base library to the terminal device
  • the terminal device compares each hash value to be authenticated with the received first hash value of the bottom library, and determines the first hash value of the bottom library that matches the hash value to be authenticated; if, for a hash value to be authenticated, there is a matching first hash value of the bottom library, the key to be authenticated corresponding to the hash value to be authenticated is verified as passing;
  • the terminal device sends a matching hash value to the server, and the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated that passes the verification;
  • the server determines the user identifier corresponding to the matching hash value according to the matching hash value, and the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated that passes the verification;
  • the server sends the user identifier corresponding to the matching hash value to the terminal device;
  • the terminal device receives the user identifier corresponding to the matching hash value
  • the terminal device determines the identity authentication result; the identity authentication result includes authentication success, the key to be authenticated that passes the verification, and the user ID.
  • The embodiment of the present disclosure also provides an identity authentication device corresponding to the identity authentication method. Since the problem-solving principle of the device in the embodiment of the present disclosure is similar to that of the aforementioned embodiment of the identity authentication method, for the implementation of the device in this embodiment, reference may be made to the description in the embodiments of the above method, and repeated descriptions are omitted.
  • the identity authentication device includes: a second receiving module and a bottom database auxiliary data determination module; wherein,
  • the second receiving module is configured to receive the authentication request sent by the terminal device
  • the bottom library auxiliary data determining module is configured to determine the bottom library auxiliary data from the registration information according to the authentication request; wherein the bottom library auxiliary data includes at least one first auxiliary data.
  • the embodiment of the present disclosure also provides a method for using a key, and the specific flow of the method will be described in detail below.
  • Step 1010 use the identity authentication method to authenticate the identity of the object to be authenticated.
  • step 1020 is executed.
  • the identity authentication method used in this embodiment may be similar to the identity authentication method provided in Embodiment 6 or Embodiment 10 above.
  • For step 1010, please refer to the description in Embodiment 6 or Embodiment 10, which is not repeated here.
  • The identity authentication method in step S1010 needs to be a method capable of determining the key to be authenticated or the multi-factor key to be authenticated during the authentication process, that is, the identity authentication result is determined by verifying the key to be authenticated or the multi-factor key to be authenticated.
  • the generation and verification of the key to be authenticated or the multi-factor key to be authenticated can be performed on the terminal and/or the server.
  • The server needs to send the key to be authenticated that has passed the verification, or the multi-factor key to be authenticated that has passed the verification, to the terminal device, so that the terminal device uses the verified key to perform subsequent application processing.
  • the key transmission between the server and the terminal device is carried out through a secure channel between the two TEEs.
  • the verified key may be included in the identity authentication result and sent by the server to the terminal device.
  • Step 1020 use the verified key determined by the above identity authentication method to perform one or more processes in digital signature, message encryption, message decryption, application login, and digital wallet management.
  • the key that passes the verification includes the key to be authenticated that passes the verification, the multi-factor key to be authenticated that passes the verification, or the key to be authenticated used to generate the multi-factor key to be authenticated that passes the verification.
  • The identity authentication method used in step S1010 performs identity authentication by verifying the key to be authenticated or the multi-factor key to be authenticated. Therefore, when the identity authentication is passed, a key to be authenticated that passes the verification, or a multi-factor key to be authenticated that passes the verification, must be determined.
  • the key that passes the verification includes the key to be authenticated that passes the verification; if the multi-factor key to be authenticated is used for verification in the authentication stage, the key that passes the verification may include the multi-factor key to be authenticated that passes the verification, and may also include the key to be authenticated used to generate the multi-factor key to be authenticated that passes the verification.
  • The key used in the registration stage can be restored according to biological characteristics and auxiliary information that are close enough to those of the registration stage, so that the restored key can be used for one or more of digital signature, message encryption, message decryption, application login, and digital wallet management.
  • An embodiment of the present disclosure provides a digital signature method. The specific flow of the method will be described in detail below.
  • Step 1110 determine the registration information through the identity registration method.
  • the registration information includes the first auxiliary data.
  • the identity registration method used in this embodiment can be similar to the identity registration method provided in the fourth embodiment above.
  • The registration method in step S1110 needs to be the second or third method in step S430, that is, the authentication method corresponding to the registration method performs identity authentication by generating and verifying the key to be authenticated or the multi-factor key to be authenticated.
  • Step 1120 generating a first public key corresponding to the first private key.
  • the first private key is a key corresponding to the first auxiliary data or a first multi-factor key corresponding to the first auxiliary data.
  • the key corresponding to the first auxiliary data involved in the registration phase or the first multi-factor key may be used as the first private key, and the first public key may be generated based on the first private key.
  • A key pair consisting of the first private key and the first public key can be generated, and the first private key can be used as the key corresponding to the first auxiliary data, or the first multi-factor key can be generated based on the key corresponding to the first auxiliary data.
  • step S1120 may be performed prior to step S1110.
  • Step 1130 send the first public key to the sign verifier, so that the sign verifier can use the first public key to verify the digital signature generated using the first private key.
  • An embodiment of the present disclosure provides a digital signature method. The specific flow of the method will be described in detail below.
  • Step 1210 use the identity authentication method to authenticate the identity of the object to be authenticated.
  • step 1220 is performed.
  • For the description of step S1210, refer to step S1010.
  • Step 1220 use the verified key determined by the identity authentication method to sign the information to be signed to obtain signed data with a digital signature.
  • the hash value of the information to be signed can be asymmetrically encrypted by using the key that passes the verification to obtain a digital signature, and the digital signature and the information to be signed can be used as signature data.
  • Step 1230 send the signature data to the signature verification party, so that the signature verification party can use the public key corresponding to the key that passes the verification to verify the digital signature of the signature data.
  • Before receiving the signed data, the signature verifier has received at least one public key. The at least one public key is sent to the signature verifier through the method of Embodiment 13. The signature verifier can determine which public key to use to verify the digital signature according to the information contained in or attached to the signature data.
  • The signature verifier can calculate the hash value of the data to be signed in the signature data, and compare the hash value with the result obtained by decrypting the digital signature with the public key; if the two are consistent, the signature verification passes.
  • the public key here refers to the public key used for signature verification determined by the signature verification party based on the information contained in or attached to the signature data.
  • the public key corresponding to the verified key is sent to the signature verification party through the method of Embodiment 13;
  • the verified key includes the verified key to be authenticated, the verified multi-factor key or the key to be authenticated used to generate the multifactor key to be authenticated that passes the verification.
  • An embodiment of the present disclosure provides a method for decrypting a message. The specific flow of the method will be described in detail below.
  • For the specific description of this step, refer to step S1110.
  • Step 1420 generating a second public key corresponding to the second private key; wherein, the second private key is a key corresponding to the first auxiliary data or a first multi-factor key corresponding to the first auxiliary data.
  • Step 1430 send the second public key to the message encryption party.
  • An embodiment of the present disclosure provides a method for decrypting a message. The specific flow of the method will be described in detail below.
  • Step 1510 receive the data to be decrypted sent by the message encryption party.
  • Step 1520 use the identity authentication method to authenticate the identity of the object to be authenticated.
  • step 1530 is executed.
  • Step 1530 decrypt the data to be decrypted by using the verified key determined by the above identity authentication method to obtain the decrypted data.
  • the public key corresponding to the verified key is sent to the message encryption party according to the method provided in Embodiment 15;
  • the verified key includes the verified key to be authenticated, the verified multi-factor key, or the key to be authenticated used to generate the multi-factor key to be authenticated that has passed the verification;
  • the data to be decrypted is encrypted with the public key corresponding to the key that has passed the verification.
  • An embodiment of the present disclosure provides an application login method. The specific flow of the method will be described in detail below.
  • Step 1610 use the identity authentication method to authenticate the identity of the object to be authenticated.
  • step 1620 is executed.
  • Step 1620 log in the target application program with the verified key determined by the above-mentioned identity authentication method; or log in the target application program with the verified key and user ID determined by the above-mentioned identity authentication method.
  • The verified key can be determined through the identity authentication method. If the verified key is globally unique in the target application program, for example, a sufficiently long and random character string, the verified key alone can be used to log in to the target application. If the identity authentication method determines the user ID, the user ID and the verified key can also be used to log in to the target application program.
  • S1620 includes: performing a hash operation according to the verified key (the salt value/round number of the hash operation can be selected), and sending the hash operation result to the application server to log in to the target application, or sending the hash operation result and the user ID to the application server to log in to the target application.
  • the key that passes the verification includes the key to be authenticated that passes the verification, the multi-factor key to be authenticated that passes the verification, or the key to be authenticated used to generate the multi-factor key to be authenticated that passes the verification.
  • An embodiment of the present disclosure provides a method for synchronizing blockchain node information.
  • the blockchain node information synchronization method provided in this embodiment is applied to the current blockchain node on the blockchain, and the blockchain includes multiple blockchain nodes. The specific process of the method will be described in detail below.
  • Step 1710 determine the registration information through the identity registration method.
  • the registration information includes first auxiliary data
  • Step 1720 generate a third public key corresponding to the third private key; wherein, the third private key is a key corresponding to the first auxiliary data or a first multi-factor key corresponding to the first auxiliary data.
  • Step 1730 broadcast the third public key to other blockchain nodes on the blockchain.
  • any node in the blockchain system can verify the transaction data generated on the blockchain nodes.
  • An embodiment of the present disclosure provides a method for synchronizing blockchain node information.
  • the blockchain node information synchronization method provided in this embodiment is applied to the current blockchain node on the blockchain, and the blockchain includes multiple blockchain nodes. The specific process of the method will be described in detail below.
  • Step 1730 use the identity authentication method to authenticate the identity of the object to be authenticated.
  • step 1740 is executed.
  • Step 1740 use the verified key determined by the identity authentication method to sign the transaction information, and obtain transaction data with a digital signature
  • Step 1750 broadcasting the transaction data to other blockchain nodes on the blockchain, so that other blockchain nodes can use the public key corresponding to the verified key to verify the digital signature of the transaction data;
  • the public key corresponding to the verified key is sent to the verification party through the method of Embodiment 18;
  • the verified key includes the verified key to be authenticated, the verified multi-factor key or the key to be authenticated used to generate the multifactor key to be authenticated that passes the verification.
  • Embodiments of the present disclosure also provide devices corresponding to the methods in Embodiments 12 to 19. For specific device embodiments, refer to the description of the summary of the invention and the methods corresponding to the devices.
  • The keys in each embodiment of the present disclosure are generated (for example, generated by the system or by decoding operations) and used (for example, in hash calculation or transformation processing) within the TEE of a device (including the terminal device TEE and the server TEE), and keys are transmitted between the TEEs of the devices through the secure channel between the devices.
  • an embodiment of the present disclosure further provides a computer-readable storage medium, on which a computer program is stored, and the computer program executes the steps in the foregoing method embodiments when the computer program is run by a processor.
  • The computer program products of the various methods provided by the embodiments of the present disclosure include a computer-readable storage medium storing program codes. The instructions included in the program codes can be used to execute the steps in the above-mentioned method embodiments. For details, please refer to the above-mentioned method embodiments, which will not be repeated here.
  • Each block in a flowchart or block diagram may represent a module, program segment, or portion of code that contains one or more executable instructions.
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved.
  • Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by a dedicated hardware-based system that performs the specified function or action, or may be implemented by a combination of dedicated hardware and computer instructions.
  • each functional module in each embodiment of the present disclosure may be integrated together to form an independent part, each module may exist independently, or two or more modules may be integrated to form an independent part.
  • if the functions are implemented in the form of software function modules and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of the present disclosure, in essence, or the part of it that contributes over the prior art, or a part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods in various embodiments of the present disclosure.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disc, etc., which can store program codes.
  • relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations.
  • the term “comprises”, “includes” or any other variation thereof is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus comprising a set of elements includes not only those elements but also other elements not expressly listed, or elements inherent in such a process, method, article, or apparatus. Without further limitations, an element defined by the statement "comprising" does not exclude the presence of additional identical elements in the process, method, article or apparatus that includes the element.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The present disclosure provides a privacy protection based image processing method, an identity registration method, and an identity authentication method. The privacy protection based image processing method comprises: obtaining an image to be processed, said image comprising a first biometric area, and the first biometric area comprising a plurality of first feature points; determining a first biometric template of the first biometric area according to the first biometric area, the first biometric template comprising biometric representations corresponding to the plurality of first feature points; and performing coding operation on the first biometric template to obtain first auxiliary data. According to embodiments of the present disclosure, the irreversibility of a biometric method can be improved, and revocability and unlinkability are ensured, thereby implementing protection of user privacy.

Description

Image processing method, identity registration method, and identity authentication method for privacy protection
This application claims priority to Chinese patent applications No. CN202111228163.1 and No. CN202111229310.7, filed on October 21, 2021. The content disclosed in the above Chinese patent applications is hereby incorporated by reference in its entirety as a part of this application.
Technical Field
Embodiments of the present disclosure relate to a privacy-protected image processing method, an identity registration method, and an identity authentication method.
Background
Biometrics are an important means of modern identity management and access control systems. Due to the strong and permanent link between an individual and their biometrics, exposing a registered user's biometrics to an attacker could seriously compromise user privacy. Currently, few biometric methods can guarantee the irreversibility, revocability, and unlinkability required by biometric systems without significantly degrading recognition performance.
Summary
In view of this, the purpose of the embodiments of the present disclosure is to provide a privacy-protected image processing method, identity registration method, and identity authentication method that can improve the irreversibility of the biometric identification method and ensure revocability and unlinkability, thereby protecting user privacy.
In a first aspect, an embodiment of the present disclosure provides a privacy-protected image processing method, including:
Acquiring an image to be processed, where the image to be processed includes a first biometric area, and the first biometric area includes a plurality of first feature points;
Determining, according to the first biometric area, a first biometric template of the first biometric area, where the first biometric template includes biometric representations corresponding to the plurality of first feature points;
Performing an encoding operation on the first biometric template to obtain first auxiliary data, including one of the following:
Performing feature conversion on the first biometric template to obtain the first auxiliary data, where the feature conversion is determined according to a key corresponding to the first auxiliary data;
Performing quantization according to the first biometric template to obtain a quantized value; determining an error-correcting code codeword according to the key corresponding to the first auxiliary data; and performing first transformation processing on the codeword to obtain the first auxiliary data; wherein determining the codeword according to the key corresponding to the first auxiliary data includes: determining the codeword according to the key corresponding to the first auxiliary data and the quantized value; and/or performing the first transformation processing on the codeword to obtain the first auxiliary data includes: performing the first transformation processing on the codeword according to the quantized value to obtain the first auxiliary data; the first transformation processing is an irreversible transformation;
Performing quantization according to the first biometric template to obtain a quantized value; determining an error-correcting code codeword; performing second transformation processing on the codeword to obtain the first auxiliary data; and generating the key corresponding to the first auxiliary data according to the quantized value; wherein determining the codeword and performing the second transformation processing on the codeword to obtain the first auxiliary data includes: randomly determining the codeword and performing the second transformation processing on the codeword according to the quantized value to obtain the first auxiliary data; or determining the codeword according to the quantized value and performing the second transformation processing on the codeword to obtain the first auxiliary data; the second transformation processing is an irreversible transformation;
Wherein the encoding operation includes an irreversible transformation.
In a second aspect, an embodiment of the present disclosure provides an identity registration method, including:
Determining the first auxiliary data in the registration information of an object to be registered by the above privacy-protected image processing method.
In a third aspect, an embodiment of the present disclosure provides an identity authentication method, including:
Acquiring an image to be authenticated of an object to be authenticated, where the image to be authenticated includes a second biometric area, and the second biometric area includes a plurality of second feature points;
Determining, according to the second biometric area, a biometric template to be authenticated of the second biometric area;
Obtaining an identity authentication result of the object to be authenticated, where the identity authentication result is determined according to the biometric template to be authenticated and base library auxiliary data;
Wherein the base library auxiliary data includes at least one piece of first auxiliary data, and the first auxiliary data is determined by the above identity registration method.
In a fourth aspect, an embodiment of the present disclosure provides an identity registration method, including:
Receiving registration information sent by a terminal device, where the registration information is determined by the above identity registration method;
Storing the registration information in a database.
In a fifth aspect, an embodiment of the present disclosure provides an identity authentication method, including:
Receiving an authentication request sent by a terminal device; and determining, according to the authentication request, base library auxiliary data from the registration information stored in the database by the above identity registration method; wherein the base library auxiliary data includes at least one piece of first auxiliary data.
In a sixth aspect, an embodiment of the present disclosure provides a method for using a key, including:
Performing identity authentication on an object to be authenticated by using the identity authentication method of the third aspect;
If the identity authentication of the object to be authenticated succeeds, using the key that passed verification, as determined by the identity authentication method of the third aspect, to perform one or more of digital signature, message encryption, message decryption, application login, and digital wallet management;
Wherein the key that passed verification includes a key to be authenticated that passed verification, a multi-factor key to be authenticated that passed verification, or the key to be authenticated used to generate a multi-factor key to be authenticated that passed verification.
In a seventh aspect, an embodiment of the present disclosure provides a digital signature method, including:
Determining registration information by the registration method of the second aspect; wherein the registration information includes the first auxiliary data; the key corresponding to the first auxiliary data is a first private key; the first private key corresponds to a first public key; and the first private key and the first public key are generated in a trusted execution environment;
Sending the first public key to a signature verifier, so that the signature verifier uses the first public key to verify a digital signature generated with the first private key.
In an eighth aspect, an embodiment of the present disclosure provides a digital signature method, including:
Performing identity authentication on an object to be authenticated by using the identity authentication method of the third aspect;
If the identity authentication of the object to be authenticated succeeds, signing the information to be signed with the first key to be authenticated that passed verification, as determined by the identity authentication method of the third aspect, to obtain signed data carrying a digital signature;
Sending the signed data to a signature verifier, so that the signature verifier uses the public key corresponding to the first key to be authenticated to verify the digital signature of the signed data; wherein the public key corresponding to the first key to be authenticated is sent to the signature verifier by the method of the fifth aspect.
In a ninth aspect, an embodiment of the present disclosure provides a message decryption method, including:
Determining registration information by the identity registration method of the second aspect; wherein the registration information includes the first auxiliary data; the key corresponding to the first auxiliary data is a second private key; the second private key corresponds to a second public key; and the second private key and the second public key are generated in a trusted execution environment;
Sending the second public key to a message encrypting party.
In a tenth aspect, an embodiment of the present disclosure provides a message decryption method, including:
Receiving data to be decrypted sent by a message encrypting party;
Performing identity authentication on an object to be authenticated by using the identity authentication method of the third aspect;
If the identity authentication of the object to be authenticated succeeds, decrypting the data to be decrypted with the second key to be authenticated that passed verification, as determined by the identity authentication method of the third aspect, to obtain decrypted data;
Wherein the public key corresponding to the second key to be authenticated is sent to the message encrypting party by the above method, and the data to be decrypted is encrypted with the public key corresponding to the second key to be authenticated.
In an eleventh aspect, an embodiment of the present disclosure provides an application login method, including:
Performing identity authentication on an object to be authenticated by using the identity authentication method of the third aspect;
If the identity authentication of the object to be authenticated succeeds, sending the third key to be authenticated that passed verification, as determined by the identity authentication method of the third aspect, to an application server to log in to a target application; or sending the third key to be authenticated that passed verification, as determined by the above identity authentication method, together with a user identifier to the application server to log in to the target application.
In a twelfth aspect, an embodiment of the present disclosure provides a blockchain node information synchronization method, applied to a current blockchain node on a blockchain that includes multiple blockchain nodes, the method including:
Determining registration information by the registration method of the second aspect, where the registration information includes the first auxiliary data; the key corresponding to the first auxiliary data is a third private key; the third private key corresponds to a third public key; and the third private key and the third public key are generated in a trusted execution environment;
Broadcasting the third public key to the other blockchain nodes on the blockchain.
In a thirteenth aspect, an embodiment of the present disclosure provides a privacy-protected image processing apparatus, including:
A first acquisition module, configured to acquire an image to be processed, where the image to be processed includes a first biometric area, and the first biometric area includes a plurality of first feature points;
A first determining module, configured to determine, according to the first biometric area, a first biometric template of the first biometric area, where the first biometric template includes biometric representations corresponding to the plurality of first feature points;
An encoding module, configured to perform an encoding operation on the first biometric template to obtain first auxiliary data;
The encoding module is implemented in any one of the following ways:
Performing feature conversion on the first biometric template to obtain the first auxiliary data, where the feature conversion is determined according to a key corresponding to the first auxiliary data;
Performing quantization according to the first biometric template to obtain a quantized value; determining an error-correcting code codeword according to the key corresponding to the first auxiliary data; and performing first transformation processing on the codeword to obtain the first auxiliary data; wherein determining the codeword according to the key corresponding to the first auxiliary data includes: determining the codeword according to the key corresponding to the first auxiliary data and the quantized value; and/or performing the first transformation processing on the codeword to obtain the first auxiliary data includes: performing the first transformation processing on the codeword according to the quantized value to obtain the first auxiliary data; the first transformation processing is an irreversible transformation;
Performing quantization according to the first biometric template to obtain a quantized value; determining an error-correcting code codeword; performing second transformation processing on the codeword to obtain the first auxiliary data; and generating the key corresponding to the first auxiliary data according to the quantized value; wherein determining the codeword and performing the second transformation processing on the codeword to obtain the first auxiliary data includes: randomly determining the codeword and performing the second transformation processing on the codeword according to the quantized value to obtain the first auxiliary data; or determining the codeword according to the quantized value and performing the second transformation processing on the codeword to obtain the first auxiliary data; the second transformation processing is an irreversible transformation;
Wherein the encoding operation includes an irreversible transformation.
In a fourteenth aspect, an embodiment of the present disclosure provides an identity registration apparatus, including:
A second determining module, configured to determine, by the method of the first aspect, the first auxiliary data in the registration information of an object to be registered.
In a fifteenth aspect, an embodiment of the present disclosure provides an identity authentication apparatus, including:
A second acquisition module, configured to acquire an image to be authenticated of an object to be authenticated, where the image to be authenticated includes a second biometric area, and the second biometric area includes a plurality of second feature points;
A third determining module, configured to determine, according to the second biometric area, a biometric template to be authenticated of the second biometric area, where the biometric template to be authenticated includes a plurality of pieces of biometric data corresponding to the plurality of second feature points;
A fourth determining module, configured to determine an identity authentication result of the object to be authenticated according to the biometric template to be authenticated and base library auxiliary data;
Wherein the base library auxiliary data includes at least one piece of first auxiliary data; the first auxiliary data is included in registration information, and the registration information is determined by the registration method of the second aspect.
In a sixteenth aspect, an embodiment of the present disclosure provides an identity registration apparatus, including:
A first receiving module, configured to receive registration information sent by a terminal device, where the registration information is determined by the identity registration method provided in the second aspect;
A second storage module, configured to store the registration information in a database, where the registration information includes the first auxiliary data.
In a seventeenth aspect, an embodiment of the present disclosure provides an identity authentication apparatus, including:
A second receiving module, configured to receive an authentication request sent by a terminal device;
A base library auxiliary data determining module, configured to determine, according to the authentication request, base library auxiliary data from the registration information stored in the database by the identity registration method provided in the fourth aspect; wherein the base library auxiliary data includes at least one piece of first auxiliary data.
In an eighteenth aspect, an embodiment of the present disclosure further provides an electronic device, including a processor and a memory, where the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the machine-readable instructions, when executed by the processor, perform the steps of the above method.
In a nineteenth aspect, an embodiment of the present disclosure further provides a computer-readable storage medium on which a computer program is stored, and the computer program, when run by a processor, performs the steps of the above method.
The privacy-protected image processing method, registration method, identity authentication method, apparatus, electronic device, and computer-readable storage medium provided by the embodiments of the present disclosure perform an irreversible encoding operation on the biometric template that embodies user privacy. Because what is stored is the result of the irreversible encoding operation, the original biometric template cannot be derived from it even if it is leaked, which greatly reduces the risk of privacy leakage. At the same time, the decoding operation corresponding to the encoding operation is fault-tolerant, or the matcher used in the authentication stage is fault-tolerant, so authentication can be performed with a biometric template that is sufficiently similar to, but not identical with, the one used at registration. The method of the embodiments of the present invention is therefore suitable for biometric recognition and can protect privacy.
In order to make the above objects, features and advantages of the present disclosure more comprehensible, specific embodiments are described in detail below in conjunction with the accompanying drawings.
Brief Description of the Drawings
In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the present disclosure and therefore should not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative work.
FIG. 1 is a schematic diagram of an operating environment provided by at least one embodiment of the present disclosure;
FIG. 2 is a schematic block diagram of an electronic device provided by at least one embodiment of the present disclosure;
FIG. 3 is a flowchart of a privacy-protected image processing method provided by at least one embodiment of the present disclosure;
FIG. 4 is an interaction sequence diagram of an identity registration method provided by at least one embodiment of the present disclosure;
FIG. 5 is an interaction sequence diagram of an identity authentication method provided by at least one embodiment of the present disclosure; and
FIG. 6 is an interaction sequence diagram of another identity authentication method provided by at least one embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be described below with reference to the drawings in the embodiments of the present disclosure.
It should be noted that similar reference numerals and letters denote similar items in the following figures; therefore, once an item is defined in one figure, it does not need to be further defined or explained in subsequent figures. Meanwhile, in the description of the present disclosure, the terms "first", "second", etc. are only used to distinguish descriptions and cannot be understood as indicating or implying relative importance.
The inventors of the present application provide a privacy-protected image processing method, identity registration method, and identity authentication method, in which the data obtained by performing the encoding operation on a biometric template satisfies the following properties:
Non-invertibility: biometric data should be processed by an irreversible transformation before it is stored. In any case, it should be hard to recover the original biometric from the result of the irreversible transformation alone. This property prevents stored biometric data from being misused to launch spoofing or replay attacks and improves the security of the biometric system. The harder it is to recover the original biometric from the result of the irreversible transformation, the more secure the biometric system is.
Revocability or renewability: this property makes it possible to revoke and reissue new instances of a protected biometric reference when the biometric database is compromised.
Non-linkability: this property means that it is computationally hard to determine whether two or more instances of a protected biometric reference originate from the same biometric of a user. Non-linkability prevents cross-matching across different applications, thereby protecting user privacy.
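The second encoding option of the first aspect (quantize the template, derive an error-correcting codeword from the key, mask the codeword with the quantized value) and the fault-tolerant decoding used at authentication can be sketched as follows. This is an added example, not code from the patent: the repetition code, the XOR mask, the salted SHA-256 key check, the constructed templates and every function name are assumptions, and the XOR mask only stands in for the irreversible transformation; on its own it does not provide the non-linkability property listed above.

```python
import hashlib
import hmac
import secrets

REP = 5        # assumed repetition code: corrects up to 2 flipped bits per group
KEY_BITS = 16  # key length used for the constructed sample below


def sample_template(label):
    """Constructed stand-in for per-feature-point representations in [0, 1]."""
    return [b / 255 for b in hashlib.shake_256(label).digest(KEY_BITS * REP)]


def perturb(template, positions):
    """Simulate capture noise by pushing the chosen features across the threshold."""
    chosen = set(positions)
    return [1 - v if i in chosen else v for i, v in enumerate(template)]


def quantize(template, threshold=0.5):
    """Quantization step: one bit per feature representation."""
    return [1 if v >= threshold else 0 for v in template]


def ecc_encode(key_bits):
    """Codeword determined by the key: each key bit repeated REP times."""
    return [b for b in key_bits for _ in range(REP)]


def ecc_decode(bits):
    """Majority vote per group of REP bits."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_digest(key_bits, salt):
    return hashlib.sha256(salt + bytes(key_bits)).digest()


def enroll(template, key_bits):
    """Return the stored record: auxiliary data plus a salted digest of the key."""
    q = quantize(template)
    if len(q) != len(key_bits) * REP:
        raise ValueError("template length must equal key length * REP")
    salt = secrets.token_bytes(16)
    return {"aux": xor(ecc_encode(key_bits), q),
            "salt": salt,
            "digest": key_digest(key_bits, salt)}


def authenticate(template, record):
    """Recover the key from a fresh capture; None if the key check fails."""
    q = quantize(template)
    if len(q) != len(record["aux"]):
        return None
    candidate = ecc_decode(xor(record["aux"], q))
    if hmac.compare_digest(key_digest(candidate, record["salt"]), record["digest"]):
        return candidate
    return None


if __name__ == "__main__":
    finger = sample_template(b"constructed-finger-A")
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    record = enroll(finger, key)

    # Two flipped features in every group: still inside the correction capacity.
    noisy = perturb(finger, [g * REP + o for g in range(KEY_BITS) for o in (0, 3)])
    print("noisy capture accepted:", authenticate(noisy, record) == key)

    # Three flipped features in one group: beyond the capacity, so rejected.
    print("degraded capture accepted:", authenticate(perturb(finger, [0, 1, 2]), record) is not None)

    # Revocation: same finger, fresh key, different auxiliary data.
    reissued = enroll(finger, [1 - b for b in key])
    print("auxiliary data changed:", reissued["aux"] != record["aux"])
```

The stored record never contains the quantized template or the key itself, and reissuing with a new key replaces the auxiliary data without a new biometric.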
下面通过一些实施例,对本公开的发明构思进行描述。The inventive concepts of the present disclosure are described below through some embodiments.
Embodiment one
To facilitate understanding of this embodiment, the operating environment in which the methods disclosed in the embodiments of the present disclosure are executed is introduced first.
The registration method and the authentication method provided by the embodiments of the present disclosure may be implemented by a terminal device or a server alone, or jointly by a terminal device and a server. When the two implement the methods jointly, the server and the terminal device need to interact. FIG. 1 is a schematic diagram of the interaction between a server and terminal devices provided by an embodiment of the present disclosure. The server 110 is communicatively connected to one or more first terminal devices 120 through a network for data communication or interaction. The server 110 may be a web server, a database server, or the like. The first terminal device 120 may be a personal computer (PC), a tablet computer, a smartphone, a personal digital assistant (PDA), a time clock, a payment device, or the like. The first terminal device 120 may determine registration information based on an acquired image and send the registration information to the server 110 in order to complete registration.
Optionally, the server 110 may also be communicatively connected to one or more second terminal devices 130 for data communication or interaction. The second terminal device 130 may, based on an acquired image, perform identity authentication on the object contained in the image.
In some embodiments, identity registration and identity authentication may be implemented in the same terminal device. In this case, the first terminal device 120 and the second terminal device 130 may be the same terminal device. For example, the first terminal device 120 may be a time-clock device, an access control device, a payment device, a personal mobile device, or the like.
In other embodiments, identity registration and identity authentication may be implemented in different terminal devices. In this case, the first terminal device 120 and the second terminal device 130 may be different terminal devices. For example, the first terminal device 120 may be a personal mobile device, and the second terminal device 130 may be a face recognition device in a subway.
FIG. 2 is a schematic block diagram of an electronic device. The electronic device 300 may include a memory 311, a storage controller 312, a processor 313, a peripheral interface 314, an input/output unit 315, and a display unit 316.
The memory 311, storage controller 312, processor 313, peripheral interface 314, input/output unit 315 and display unit 316 are electrically connected to one another, directly or indirectly, to enable data transmission or interaction. For example, these components may be electrically connected to one another through one or more communication buses or signal lines. The processor 313 is used to execute the executable modules stored in the memory.
The memory 311 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and the like. The memory 311 is used to store a program, and the processor 313 executes the program after receiving an execution instruction. The method performed by the electronic device 300, as defined by the process disclosed in any embodiment of the present disclosure, may be applied to the processor 313 or implemented by the processor 313.
The processor 313 may be an integrated circuit chip with signal processing capability. The processor 313 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present disclosure. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The peripheral interface 314 couples various input/output devices to the processor 313 and the memory 311. In some embodiments, the peripheral interface 314, the processor 313 and the storage controller 312 may be implemented in a single chip. In other examples, they may each be implemented by a separate chip.
The input/output unit 315 is used for the user to input data. The input/output unit 315 may be, but is not limited to, a mouse, a keyboard, and the like.
The display unit 316 provides an interactive interface (for example, a user operation interface) between the electronic device 300 and the user, or is used to display image data for the user's reference. In this embodiment, the display unit may be a liquid crystal display or a touch display. A touch display may be a capacitive or resistive touch screen that supports single-touch and multi-touch operation. Supporting single-touch and multi-touch operation means that the touch display can sense touch operations produced simultaneously at one or more positions on the touch display and hand the sensed touch operations to the processor for calculation and processing.
The electronic device 300 may be the server shown in FIG. 1 or a terminal device shown in FIG. 1. Those of ordinary skill in the art will understand that the structure shown in FIG. 2 is only illustrative and does not limit the structure of the electronic device 300. The servers and terminal devices in FIG. 1 may have more or fewer components than the electronic device 300 shown in FIG. 2, or a configuration different from that shown in FIG. 2. For example, the first terminal device and the second terminal device shown in FIG. 1 may further include a capture device for capturing image or audio data. As another example, the server shown in FIG. 1 may not include the display unit shown in FIG. 2.
The electronic device 300 in this embodiment may be used to execute the steps of the methods provided by the embodiments of the present disclosure. The implementation of each method is described in detail below through several embodiments.
Embodiment two
Please refer to FIG. 3, which is a flowchart of a privacy-protected image processing method 400 provided by an embodiment of the present disclosure. The specific flow of the privacy-protected image processing method 400 is described in detail below.
Step 410: acquire an image to be processed.
The image to be processed includes a first biometric region, and the first biometric region includes a plurality of first feature points.
The first biometric region in the image to be processed may be a fingerprint region, a palm print region, a finger vein region, a palm vein region, a face region, an iris region, or the like. A first feature point is a point in the first biometric region that can characterize a biometric trait, such as a face key point or a minutia of a finger/palm print or finger/palm vein. Taking a face region as the first biometric region, a first feature point may be a key point in the first biometric region that represents the tip of the nose, the outer corner of an eye, the point between the eyebrows, or a similar part. Taking a fingerprint region as the first biometric region, a first feature point may be a minutia in the first biometric region that represents a ridge bifurcation, a ridge ending, or a similar part.
The image to be processed may be obtained by contact or contactless acquisition. For example, contactless acquisition may consist of obtaining the image to be processed by taking a photograph. So that the acquired image contains more feature points, and therefore enough information for encoding, images obtained by capturing the same biometric feature multiple times may also be fused to form the image to be processed.
In one implementation, the image to be processed is acquired by contactless acquisition, and the biometric feature contained in the first biometric region may be at least one of a fingerprint, a palm print, a finger vein and a palm vein. The number of feature points contained in the first biometric region is greater than 300.
The security level of a privacy-preserving biometric system is limited by its FAR (false acceptance rate). Faces are not as unique as fingerprints or palm prints; even today's best face recognition systems achieve a FAR of no lower than one in a million. By contrast, finger/palm prints and finger/palm veins have a lower FAR than faces. On the one hand, fingerprints are more distinctive than faces: it is estimated that a fingerprint with 36 minutiae can reach a degree of discrimination as high as 1.95×10^36. On the other hand, the relative positions of the facial features, such as the eyes and nose, are constrained rather than unordered, so a face has lower information entropy than finger/palm prints and finger/palm veins and contains less information.
In fact, contactless acquisition can capture more detail than traditional methods. By combining multiple fingerprints with a large-area palm print, a biometric region containing more than 300 feature points can be captured at one time. With this many feature points, a single image, without aligning and fusing multiple images, provides information that is sufficiently discriminative and sufficient for encoding, so that the security level of the biometric recognition algorithm can be raised to a very high standard.
Step 420: determine a first biometric template of the first biometric region according to the first biometric region.
The first biometric template includes the biometric representations corresponding to the plurality of first feature points.
For example, the biometric template is obtained by performing feature extraction on the biometric region, and the feature extraction here is a reversible transformation. For example, the biometric template may be presented as a vector, a data set, or the like. For example, a biometric template includes a plurality of biometric representations in one-to-one correspondence with a plurality of feature points, and each biometric representation is local information about its corresponding feature point, so that the biometric template is sufficiently discriminative.
In one specific implementation, the biometric template includes a plurality of biometric representations in one-to-one correspondence with a plurality of feature points, and the biometric representation of each feature point includes information describing that feature point, such as its position and angle, and its position and angle relative to other feature points.
It can be understood that the more information a biometric template contains, the more discriminative it is. The biometric template must be discriminative enough to keep the FAR within an acceptable range, and the specific requirement can be determined from the size of the enrollment database (gallery) against which biometric recognition is performed. The larger the gallery, the more discriminative the biometric template must be.
Step 430: perform an encoding operation on the first biometric template to obtain first auxiliary data.
The encoding operation used in step 430 includes an irreversible transformation. That the encoding operation includes an irreversible transformation means that at least one of the steps making up the encoding operation is irreversible, so that it is difficult to determine the biometric template by inverse transformation from the first auxiliary data alone. In this way, privacy protection can be achieved.
At the same time, the inherent fuzziness of biometric features necessarily requires that either the decoding operation used during authentication (in this case the encoding operation performs error-correcting-code encoding using BCH, RS or the like, and the decoding operation performs the corresponding error-correcting-code decoding) or the matcher be fault-tolerant. Only then can authentication be performed with a biometric template that is sufficiently similar to, but not identical with, the one used at registration.
An encoding operation that meets the above requirements can be implemented in several optional ways.
In a first optional implementation, step 430 may be implemented as:
S100: perform feature transformation on the first biometric template to obtain the first auxiliary data; the feature transformation is determined according to the key corresponding to the first auxiliary data.
It can be understood that the key corresponding to the first auxiliary data does not have to be obtained after the first auxiliary data exists: if a key was used to generate the first auxiliary data, it is called the key corresponding to the first auxiliary data.
For example, the key corresponding to the first auxiliary data may be input by the user to be registered who corresponds to the image to be processed, or generated from that user's input. For example, the key corresponding to the first auxiliary data is generated by applying one or more of format conversion, digit padding and addition of check information to the input of the user to be registered.
In this optional implementation, in the registration phase, F_k(X) = H; in the authentication phase, F_k'(X') = H'. Here F is the feature transformation function, k is the key corresponding to the first auxiliary data, k' is the key obtained in the authentication phase, X and X' are the biometric templates to be authenticated in the registration phase and the authentication phase respectively, and H and H' are the auxiliary data of the registration phase and the authentication phase respectively. If X and X' are close enough and k' = k, then H and H' are close enough. In this optional implementation, in the authentication phase a matcher judges whether H and H' are close enough, and the matcher is fault-tolerant.
Specific examples of the first optional implementation may be biohashing (Biohashing) and robust hashing (Robust hashing).
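The relation F_k(X) = H with a fault-tolerant matcher can be seen in the following added example, which is not code from the patent. It is a simplified biohashing-style transform (key-seeded random projection followed by sign quantization, without the orthonormalization step of the published BioHashing scheme); the function names, the 64-bit code length, the matcher threshold and the sample vectors are assumptions made for illustration.

```python
import hashlib
import random

N_BITS = 64  # assumed length of the protected code H


def projection_matrix(key: bytes, dim: int, n_bits: int = N_BITS):
    """Derive the key-dependent transform F_k: n_bits Gaussian vectors of length dim."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    rng = random.Random(seed)  # deterministic, so enrollment and authentication agree
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(n_bits)]


def biohash(key: bytes, template):
    """F_k(X) = H: project the template and keep only the sign of each projection.

    Keeping one bit per projection is many-to-one, which is the irreversible step.
    """
    rows = projection_matrix(key, len(template))
    return [1 if sum(r * x for r, x in zip(row, template)) > 0 else 0 for row in rows]


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def matches(h_enrolled, h_probe, max_distance: int = 8):
    """Fault-tolerant matcher: accept when H and H' differ in at most max_distance bits."""
    return hamming(h_enrolled, h_probe) <= max_distance


# Constructed sample data, not real biometric features.
X = [float((3 * i) % 17 - 8) for i in range(64)]                  # enrollment template
X_GENUINE = [x + 0.05 * ((i % 3) - 1) for i, x in enumerate(X)]   # same user, sensor noise
X_IMPOSTOR = [float((15 * i) % 19 - 9) for i in range(64)]        # different user
KEY = b"constructed-key-A"
KEY_REISSUED = b"constructed-key-B"


def demo():
    h = biohash(KEY, X)  # stored at registration instead of X
    return {
        "genuine": matches(h, biohash(KEY, X_GENUINE)),            # X' close, k' = k
        "wrong_key": matches(h, biohash(KEY_REISSUED, X_GENUINE)),  # X' close, k' != k
        "impostor": matches(h, biohash(KEY, X_IMPOSTOR)),          # X' far, k' = k
        "reissue_distance": hamming(h, biohash(KEY_REISSUED, X)),  # same X, new key
    }


if __name__ == "__main__":
    print(demo())
```

The `reissue_distance` entry shows the revocability property: re-enrolling the same template under a new key yields auxiliary data that the matcher treats as unrelated to the old record.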
In a second optional implementation, step 430 may be implemented as:
S109: perform quantization according to the first biometric template to obtain quantized values;
It can be understood that the biometric representations contained in the biometric template are discretized at a relatively high resolution; before the encoding operation, they need to be discretized further, that is, quantized.
Quantizing according to the first biometric template can be understood as quantizing the biometric representation corresponding to each first feature point onto a grid space. For example, a biometric representation is the position and angle <i, j, θ> of a feature point, where i, j and θ range over 1-32, 1-16 and 1-8 respectively and may take integer or fractional values. To facilitate encoding, the quantized i, j and θ should take integer values in 1-32, 1-16 and 1-8; the size of the grid space is then 32*16*8 and its resolution is 1.
Quantizing according to the first biometric template may include rounding and/or performing operations on each element of a biometric representation contained in the first biometric template individually, and/or rounding or performing operations across elements. In one specific implementation, quantization includes rounding each element individually; for example, the biometric representation <3.5, 5.1, 60.5> has the quantized value <4 (rounded), 5 (rounded), 2 (60.5/360, then rounded)>. In another specific implementation, quantization includes rounding each element individually and then concatenating the results into a multi-digit number; for example, the biometric representation <3.5, 5.1, 60.5> has the quantized value 452 (rounded to <4, 5, 2> and then concatenated into a multi-digit number).
S110: determine an error-correcting codeword according to the key corresponding to the first auxiliary data;
The key corresponding to the first auxiliary data may be input by the user or generated by the system, where system generation includes random generation or generation from user input. The key corresponding to the first auxiliary data is k-dimensional. For example, the key corresponding to the first auxiliary data is generated by applying one or more of format conversion, digit padding and addition of check information to the user input. Determining the error-correcting codeword according to the key corresponding to the first auxiliary data may consist of determining the codeword from an n-dimensional finite field according to that key; the codeword is n-dimensional (n > k), which makes the decoding algorithm corresponding to the encoding algorithm fault-tolerant. It can be understood that the more n exceeds k, the stronger the error tolerance and the greater the amount of computation required by the encoding operation.
Step S110 may include determining the error-correcting codeword according to the key corresponding to the first auxiliary data, or determining the error-correcting codeword according to the key corresponding to the first auxiliary data and the quantized values.
There are many ways to determine an n-dimensional error-correcting codeword from the k-dimensional key corresponding to the first auxiliary data. For example, the codeword may be determined by error-correcting-code encoding such as BCH. For example, the k-dimensional key may be combined with a k*n encoding matrix to convert it into an n-dimensional vector. There are likewise many ways to determine the codeword from the key corresponding to the first auxiliary data and the quantized values. For example, the codeword may be determined by RS error-correction encoding: a polynomial function of degree (k-1) is generated from the key corresponding to the first auxiliary data (that is, the k coefficients of the polynomial function are generated), and the function is evaluated at the n quantized values to obtain an n-dimensional error-correcting codeword.
S120: perform first transformation processing on the error-correcting codeword to obtain the first auxiliary data.
Step S120 may include performing, on the error-correcting codeword, first transformation processing that is independent of the quantized values; it may also include performing the first transformation processing on the error-correcting codeword according to the quantized values to obtain the first auxiliary data, thereby protecting the error-correcting codeword.
When the error-correcting codeword is determined from the key corresponding to the first auxiliary data and not from the quantized values, the first transformation processing in S120 must depend on the quantized values, so that the encoding operation binds the error-correcting codeword (that is, the key corresponding to the first auxiliary data) to the quantized values (that is, the biometric template) and thereby protects both the key and the biometric template. When the error-correcting codeword is determined from both the key corresponding to the first auxiliary data and the quantized values, the first transformation processing in S120 may or may not depend on the quantized values: S110 has already bound the key to the quantized values, so the key and the biometric template are protected whether or not S120 depends on the quantized values.
In other words, at least one of steps S110 and S120 uses the quantized values obtained in step S109; that is, the quantized values are used either while the k-dimensional key corresponding to the first auxiliary data is expanded to n dimensions or after it has been expanded, so that the encoding operation binds the quantized values to the key corresponding to the first auxiliary data.
In this optional implementation, in the registration phase, c = Enc(k) or c = Enc(k, X) in step S110, and the first transformation processing is performed on c in step S120 to obtain H; in the authentication phase, Dec(X', H) = k'. Here Enc is the step of determining the error-correcting codeword, Dec is the step of the decoding operation, k is the key corresponding to the first auxiliary data, k' is the key obtained by the decoding operation, X and X' are the quantized values of the registration phase and the authentication phase respectively, and H is the first auxiliary data. If X and X' are close enough, then k' = k.
Specific examples of the second optional implementation may be fuzzy commitment (Fuzzy Commitment) and fuzzy vault (Fuzzy Vault).
In a third optional implementation, step 430 may be implemented as:
S129: perform quantization according to the first biometric template to obtain quantized values. For a description of this step, see S109.
S130: determine an error-correcting codeword;
In this implementation, the key corresponding to the first auxiliary data has not been obtained before the error-correcting codeword is determined, and the error-correcting codeword is not generated from the key corresponding to the first auxiliary data.
For example, step S130 includes one of: determining the error-correcting codeword randomly; determining the error-correcting codeword according to the quantized values; and determining the error-correcting codeword according to the quantized values and a random quantity. For example, when the quantized values are used in determining the codeword, RS error-correction encoding may be used. For example, when the quantized values are not used in determining the codeword, error-correction encoding may be performed by BCH error-correction encoding, RS error-correction encoding, or the like. As an example of determining the codeword randomly, a k-dimensional vector is generated at random and multiplied by a k*n encoding matrix to give the codeword. As an example of determining the codeword according to the quantized values and a random quantity, a polynomial function of degree (k-1) is generated at random (that is, the k coefficients of the polynomial function are generated at random), and the function is evaluated at the n quantized values to obtain an n-dimensional codeword. When the codeword is determined randomly, or according to the quantized values and a random quantity, different codewords can be determined from the same quantized values, which ensures the revocability of the biometric recognition algorithm.
S140: perform second transformation processing on the error-correcting codeword to obtain the first auxiliary data.
The second transformation processing may or may not depend on the quantized values. When the error-correcting codeword is determined randomly, the second transformation processing must depend on the quantized values, so that the encoding operation covers both the codeword and the quantized values (that is, the biometric template) and thereby protects the biometric template. When the codeword is determined according to the quantized values, or according to the quantized values and a random quantity, S130 has already made the codeword correspond to the quantized values, so the biometric template is protected whether or not the second transformation processing depends on the quantized values.
In other words, at least one of steps S130 and S140 uses the quantized values obtained in step S129, so that the quantized values are subjected to the encoding operation.
S150: generate the key corresponding to the first auxiliary data according to the quantized values;
For example, the key corresponding to the first auxiliary data is generated from the quantized values by a strong extractor; that is, the key corresponding to the first auxiliary data is generated from the biometric region.
In this optional implementation, in the registration phase, c = Enc(r) or c = Enc(X) in S130, k = Ext(X) in S150, and the second transformation processing is performed on c in S140 to obtain H; in the authentication phase, Dec(X', H) = X1 and k' = Ext(X1). Here r is a random variable, Enc is the step of determining the error-correcting codeword, Dec is the step of the decoding operation, Ext is the step of extracting the key from the quantized values, k is the key corresponding to the first auxiliary data, X and X' are the quantized values of the registration phase and the authentication phase respectively, X1 is the quantized value obtained by error correction with the error-correcting code, and H is the first auxiliary data. If X and X' are close enough, then X1 = X, and therefore k' = k.
A specific example of the third optional implementation may be a fuzzy extractor (Fuzzy Extractor).
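The second implementation (c = Enc(k), Dec(X', H) = k') and the third implementation (c = Enc(r), k = Ext(X), Dec(X', H) = X1) can be run side by side in the following added example, which is not code from the patent. It assumes the quantized value X is a bit vector, takes XOR as the first and second transformation processing, uses a repetition code in place of the BCH/RS codes named above, and uses HMAC-SHA256 under a public salt as the extractor; all function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

REP = 5  # each message bit is repeated 5 times, so up to 2 flipped bits per group are corrected


def enc(message_bits):
    """Enc: k message bits -> n = REP * k codeword bits (stand-in for BCH/RS)."""
    return [b for b in message_bits for _ in range(REP)]


def dec(word_bits):
    """Majority-vote decoding of a noisy n-bit word back to k message bits."""
    return [int(sum(word_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(word_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


# --- Second implementation (fuzzy commitment): the key is an input ---
def commit_enroll(key_bits, x):
    """S110: c = Enc(k). S120: H = c XOR X binds the codeword to the quantized value."""
    return xor(enc(key_bits), x)


def commit_authenticate(x_probe, helper):
    """Dec(X', H) = k': H XOR X' is the codeword plus the noise X XOR X'."""
    return dec(xor(helper, x_probe))


# --- Third implementation (fuzzy extractor): the key is derived from X ---
def ext(x, salt):
    """Ext: HMAC-SHA256 under a public random salt (assumed extractor)."""
    return hmac.new(salt, bytes(x), hashlib.sha256).digest()


def extract_enroll(x):
    """S130: c = Enc(r) with random r. S140: H = c XOR X. S150: k = Ext(X)."""
    r = [secrets.randbits(1) for _ in range(len(x) // REP)]
    salt = secrets.token_bytes(16)
    return xor(enc(r), x), salt, ext(x, salt)


def extract_authenticate(x_probe, helper, salt):
    """Dec(X', H) = X1, then k' = Ext(X1)."""
    c = enc(dec(xor(helper, x_probe)))  # snap the noisy word to the nearest codeword
    x1 = xor(helper, c)                 # equals X when X' was close enough
    return ext(x1, salt)


def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


# Constructed sample data, not real biometric features.
X = [(i * 7 + i // 3) % 2 for i in range(40)]            # quantized value at registration
X_GENUINE = flip(X, {0, 3, 12, 26, 27, 39})              # at most 2 flips per 5-bit group
X_IMPOSTOR = flip(X, {0, 1, 2, 10, 11, 13, 20, 22, 24})  # 3 flips in three groups
KEY = [1, 0, 1, 1, 0, 0, 1, 0]                           # k = 8 bits, n = 40 bits

if __name__ == "__main__":
    helper = commit_enroll(KEY, X)
    print("commitment, genuine :", commit_authenticate(X_GENUINE, helper) == KEY)
    print("commitment, impostor:", commit_authenticate(X_IMPOSTOR, helper) == KEY)
    helper, salt, k = extract_enroll(X)
    print("extractor, genuine  :", extract_authenticate(X_GENUINE, helper, salt) == k)
    print("extractor, impostor :", extract_authenticate(X_IMPOSTOR, helper, salt) == k)
```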
The method of the embodiments of the present invention applies an irreversible encoding operation to the biometric template that reflects user privacy. On the one hand, because what is stored is the result of the irreversible encoding operation, the original biometric template cannot be derived from it even if it is leaked, which greatly reduces the risk of privacy leakage and gives the biometric method the irreversibility property. On the other hand, a key or random quantity is used in the irreversible encoding operation, so that different keys or random quantities produce different auxiliary data for the same biometric template, which gives the biometric method the revocability property. At the same time, the decoding operation corresponding to the encoding operation, or the matcher used in the authentication stage, is fault-tolerant, so authentication can be performed with a biometric template that is sufficiently similar to, but not identical to, the one used at registration. The method of the embodiments of the present invention is therefore suitable for biometric identification and protects privacy.
In some embodiments, the biometric representation corresponding to the first biometric region includes biometric data and precise descriptors. Step 420 may include:
S4201. Determine the biometric data corresponding to a plurality of first feature points according to the first biometric region;
Exemplarily, the biometric data is in one-to-one correspondence with the feature points and describes orientation information such as the position and angle of the corresponding feature point and its position and angle relative to other feature points;
It can be understood that, owing to the natural fuzziness of biometric features, even if two feature points in two images captured at different times correspond to the same biological position of the same object (for example, the same minutia on a fingerprint or the same key point on a face), the biometric data corresponding to these two feature points may be similar but not identical. Therefore, the feature data corresponding to the feature points A and the feature data corresponding to the feature points A' obtained in two captures are almost certainly similar but different, where A corresponds to a plurality of biological positions w1, w2..wn of an object, and A' corresponds to the same biological positions w1, w2..wn of the same object.
S4202. Determine the precise descriptors corresponding to the plurality of first feature points according to the first biometric region.
Exemplarily, the precise descriptors are in one-to-one correspondence with the feature points and describe information such as the ridge texture features, direction field, frequency-domain vector and color of the local region in which the corresponding feature point is located.
A precise descriptor means that, for the same biological position of the same object (for example, the same minutia on a fingerprint or the same key point on a face), the two feature points that correspond to it in two captured images (for example, the same fingerprint minutia corresponds to feature point A1 in the first image to be processed and to feature point A2 in the second image to be processed) have, with high probability (for example, a probability of more than 90%), the same precise descriptor (the precise descriptors of A1 and A2 are the same).
For biometric identification algorithms based on the fault tolerance of the matcher, using descriptors adds information to the encoding compared with not using them, which further improves the security of the biometric identification method. Compared with fuzzy descriptors, precise descriptors reduce the likelihood of authentication failure caused by the double fuzziness of biometric data and descriptors, and so increase the stability of the biometric identification method.
For biometric identification algorithms based on the fault tolerance of the decoding operation, the security of the whole method depends mainly on the number of feature points used to generate the biometric template and on the size of the grid space used to quantize the feature points. Where descriptors and feature points are in one-to-one correspondence, a precise descriptor is obtained for each feature point in addition to its biometric data. If the grid space is enlarged correspondingly because of the descriptor, it becomes harder for an attacker to guess the real feature points in the grid space, and the security of the biometric identification method is further improved. For example, if the biometric representation is <i, j, θ, d> with value ranges 1-32, 1-16, 1-8 and 1-10 respectively, the grid space can be enlarged to 32*16*8*10. If the grid space is not enlarged because of the descriptor, then, when feature points are mapped into the grid space, the contribution of the biometric data decreases and the contribution of the descriptor increases. Since the biometric data is fuzzy and the descriptor is precise, the share of fuzzy information decreases and the share of precise information increases, which reduces the likelihood of authentication failure caused by the fuzziness of the biometric feature itself and so increases the stability of the biometric identification method. In addition, when precise descriptors are used, the authentication stage only needs to correct the errors introduced by the fuzziness of the biometric data and does not need to further correct errors introduced by the descriptor; compared with fuzzy descriptors, precise descriptors reduce two layers of error correction to one, which increases the decoding speed.
Owing to the natural fuzziness of biometric features, extracting the descriptors of feature points in a conventional way yields only fuzzy descriptors, not precise ones. The embodiments of the present invention determine precise descriptors in the following ways:
Precise descriptor determination method 1: input the image to be processed and/or the description information of the image to be processed into a descriptor extraction model for processing, to obtain the precise descriptors corresponding to the plurality of first feature points.
The input of the descriptor extraction model may be the image to be processed, or both the image to be processed and its description information.
The description information of the image to be processed can be extracted by an image processing method or an algorithm model, and can be presented as a vector, a matrix, a graph, and so on. For example, the description information is a vector representing the ridge frequency of the sub-region corresponding to each feature point in the image to be processed.
Before the descriptor extraction model is used to extract the descriptors of the image to be processed, the model needs to be trained. If the input of the descriptor extraction model includes the image to be processed, the training samples may be multiple pairs of sample images whose matching is known. Exemplarily, known matching means that it is known whether sample image P1 and sample image P2 match and, if they do, which feature points match. For example, the two sample images P1 and P2 match; P1 and P2 contain 6 minutiae each, P10-P15 and P20-P25, whose precise descriptors are d10-d15 and d20-d25 respectively. The following minutiae of P1 and P2 are known to match: P11-P23, P13-P25, P12-P20, P10-P22, P14-P21. Once the matching between the minutiae is known, the loss value of the descriptor differences of these 6*6=36 minutia pairs can be computed from the predicted value of the descriptor difference of each minutia pair and the ground-truth value GT of the descriptor difference of each minutia pair (for a matching minutia pair, the GT of the difference between the descriptors of its two minutiae is 0; for a non-matching minutia pair, the difference between the descriptors of its two minutiae is infinite), and the network parameters of the descriptor extraction model are updated according to the loss value. The loss value needs to be designed so that the precise descriptors of matching minutiae in P1 and P2 are as consistent as possible and the precise descriptors of non-matching minutiae differ as much as possible. If the input of the descriptor extraction model includes the image to be processed and its description information, the training samples may be multiple pairs of sample images whose matching is known, together with their respective description information. The training method is as described above and is not repeated here.
In this implementation, taking the image to be processed and its description information as the input of the descriptor extraction model yields, in a single pass, the descriptors that describe the feature information of the sub-region in which each feature point of the image is located.
Precise descriptor determination method 2: according to the position data of the plurality of first feature points, determine the local images of the neighborhoods in which the first feature points are located, and input the local images of the first feature points and/or the description information of the local images into the descriptor extraction model, to obtain the precise descriptors corresponding to the plurality of first feature points.
Likewise, before the descriptor extraction model is used to extract the descriptors of the image to be processed, the model needs to be trained.
The extraction of the description information of the local images and the model training are similar to those of precise descriptor determination method 1 and are not repeated here. It can be understood that the purpose of model training is again to make the precise descriptors of matching minutiae as consistent as possible and the precise descriptors of non-matching minutiae differ as much as possible.
In this implementation, the local data corresponding to the feature points is used as the input of the descriptor extraction model. The model can be relatively small, with less computation, faster operation and more accurate results, but preprocessing such as cropping the local images from the image to be processed is required.
Precise descriptor determination method 3: for each first feature point among the plurality of first feature points, determine the fuzzy descriptor of that first feature point, cluster the fuzzy descriptor to the class-center descriptor closest to it, and take that closest class-center descriptor as the precise descriptor corresponding to the first feature point; the class-center descriptors are obtained by clustering multiple fuzzy descriptors.
Exemplarily, the fuzzy descriptor of a first feature point is determined according to the local image of the neighborhood in which the first feature point is located.
In this implementation, the precise descriptor is determined in three steps. First, descriptors are extracted for a large number (for example, 1,000,000) of feature points, giving fuzzy descriptors in one-to-one correspondence with the feature points. Second, the fuzzy descriptors are clustered to obtain multiple class-center descriptors. Third, for each first feature point among the plurality of first feature points, the fuzzy descriptor of that first feature point is determined and clustered to the class-center descriptor closest to it, and that closest class-center descriptor is taken as the precise descriptor corresponding to the first feature point. In this way, fuzzy descriptors are converted into precise descriptors.
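The three steps of method 3 can be followed in a short sketch: build class-center descriptors from many fuzzy descriptors, then snap each new fuzzy descriptor to its nearest center. This is an added example, not code from the application; the 3-dimensional descriptors, the Euclidean distance, k-means as the clustering algorithm and the constructed sample data are all assumptions.

```python
import math
import random

# Constructed "true" local-texture prototypes; real descriptors are model outputs.
PROTOTYPES = [(0.0, 0.0, 0.0), (10.0, 0.0, 0.0), (0.0, 10.0, 0.0), (0.0, 0.0, 10.0)]


def nearest(centers, v):
    """Index of the class-center descriptor closest to v (Euclidean distance)."""
    return min(range(len(centers)), key=lambda c: math.dist(centers[c], v))


def kmeans(samples, k, iters=20):
    """Step 2: Lloyd's algorithm with deterministic farthest-first initialisation."""
    centers = [samples[0]]
    while len(centers) < k:
        centers.append(max(samples, key=lambda s: min(math.dist(s, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for s in samples:
            groups[nearest(centers, s)].append(s)
        centers = [
            tuple(sum(col) / len(g) for col in zip(*g)) if g else centers[i]
            for i, g in enumerate(groups)
        ]
    return centers


def build_codebook(seed=7, per_class=50, sigma=0.3):
    """Steps 1 and 2 on constructed data: noisy captures of each prototype, then clustering."""
    rng = random.Random(seed)  # seeded only so the constructed data is reproducible
    samples = [
        tuple(p + rng.gauss(0, sigma) for p in proto)
        for proto in PROTOTYPES
        for _ in range(per_class)
    ]
    return kmeans(samples, k=len(PROTOTYPES))


def precise_descriptor(centers, fuzzy):
    """Step 3: replace a fuzzy descriptor by its nearest class-center descriptor."""
    return centers[nearest(centers, fuzzy)]


if __name__ == "__main__":
    centers = build_codebook()
    first_capture = (9.6, 0.3, -0.2)    # constructed: same biological position, capture 1
    second_capture = (10.4, -0.1, 0.2)  # constructed: same biological position, capture 2
    same = precise_descriptor(centers, first_capture) == precise_descriptor(centers, second_capture)
    print("two captures give the same precise descriptor:", same)
```

Captures that fall near a boundary between two centers can still snap to different centers, which is why the text speaks of the descriptors being identical with high probability rather than always.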
Determining precise descriptors in the ways above makes the precise descriptors of the two feature points that correspond to the same biological position of the same object in two captured images identical with high probability (for example, a probability of more than 90%), so the probability that the descriptor needs error correction is greatly reduced and the decoding speed increases.
In this implementation, the biometric representation includes biometric data and precise descriptors, and the precise descriptors are used in different sub-steps of step S430. Using precise descriptors in the biometric template, in obtaining the quantized value from the biometric template, or in the feature conversion step improves the security and/or stability of the biometric identification method; using precise descriptors in the first transformation processing or the second transformation processing increases the operation speed of the biometric method compared with using fuzzy descriptors. It can be understood that, when precise descriptors are used only in the biometric template and/or in obtaining the quantized value from the biometric template, the feature conversion, first transformation processing or second transformation processing in step S430 may be independent of the precise descriptors; when precise descriptors are used only in the feature conversion, first transformation processing or second transformation processing in step S430, performing feature conversion according to the first biometric template may mean performing feature conversion only on the feature data in the first biometric template, and performing quantization according to the first biometric template may mean performing quantization only according to the biometric data in the first biometric template.
When step S430 is implemented through the first to third optional implementations, precise descriptors may be used in S100, in S109 and S120, and in S129 and S140 respectively.
Specifically, when step S430 is implemented through the first optional implementation, there are three ways to use the precise descriptor in S100:
Mode 1: perform feature conversion on the biometric data and precise descriptors included in the first biometric template to obtain the first auxiliary data; the feature conversion is determined according to the key corresponding to the first auxiliary data;
Mode 2: perform feature conversion on the biometric data in the first biometric template to obtain the first auxiliary data; the feature conversion is determined according to the key corresponding to the first auxiliary data and the precise descriptors;
Mode 3: perform feature conversion on the biometric data and precise descriptors included in the first biometric template to obtain the first auxiliary data; the feature conversion is determined according to the key corresponding to the first auxiliary data and the precise descriptors.
In all three modes, using descriptors adds information to the encoding compared with not using them, which further improves the security of the biometric identification method. Compared with fuzzy descriptors, precise descriptors reduce the likelihood of authentication failure caused by the double fuzziness of biometric data and descriptors, and so increase the stability of the biometric identification method.
When step S430 is implemented through the second optional implementation, precise descriptors may be used in S109 and S120.
When precise descriptors are used in S109, they may be used in step S1091 and/or step S1092.
Step S1091, performing quantization according to the first biometric template, includes: quantizing the biometric data and precise descriptors included in the first biometric template;
It can be understood that, even if the biometric representation contains precise descriptors, the quantization in S1091 may use only the biometric data and not the descriptors. When precise descriptors are used in S1091, there are two cases: the grid space is enlarged, or it is not.
As described above, when biometric data and precise descriptors are quantized into the grid space, enlarging the grid space relative to the case without descriptors improves the security of the biometric method, and not enlarging it improves the stability of the biometric method.
Step S1092, obtaining the quantized value, includes: performing third transformation processing on the quantization result of step S1091 to obtain the quantized value; the third transformation processing is determined according to the precise descriptor and is a reversible or irreversible transformation;
Exemplarily, the quantized value X = φ_d(T), where T is the quantization result obtained in step S1091 and φ_d is the third transformation processing determined according to the precise descriptor.
In this implementation, to guess a real point an attacker has to guess not only T (when T is determined from the biometric data alone, guessing T means guessing the biometric data) but also d, which further improves the security of the biometric identification method.
In the authentication stage, the biometric template to be authenticated that is captured in that stage can be quantized in the same way to obtain the quantized value to be authenticated, and authentication can be performed by running the decoding operation on that value. The quantization result before the third transformation processing does not need to be restored, so the third transformation processing may be reversible or irreversible.
In other words, using the additional precise descriptor information in S109 can further improve the security and/or stability of the biometric identification algorithm. If precise descriptors are used only in S1091 and the grid space is not enlarged, stability is improved; if precise descriptors are used only in S1091 and the grid space is enlarged, security is improved; if precise descriptors are used only in S1092, security is improved; if precise descriptors are used in S1092 and S1091 and the grid space is not enlarged, stability and security are improved; if precise descriptors are used in S1092 and S1091 and the grid space is enlarged, security is improved.
When precise descriptors are used in the first transformation processing of S120, the operation speed during authentication is significantly higher than with fuzzy descriptors.
In the first implementation 2.1 of the second optional implementation, steps S110 and S120 may be implemented as:
S1101. Determine the parameters of the first algebraic curve according to the key corresponding to the first auxiliary data;
In a specific implementation, the key corresponding to the first auxiliary data is k-dimensional, the first algebraic curve is a k-order polynomial f, and the coefficients of the k-order polynomial are determined according to the key corresponding to the first auxiliary data.
S1103. Map a first quantized value among the quantized values onto the first algebraic curve to obtain a first mapping value corresponding to the first quantized value; the error-correction codeword includes a plurality of mapping values.
Exemplarily, the first quantized value is one of the quantized values. Mapping the first quantized value onto the first algebraic curve gives the first mapping value, and in the same way a mapping value is obtained for each quantized value, one-to-one; the error-correction codeword includes these mapping values. The point whose first coordinate component is the first quantized value and whose second coordinate component is the first mapping value is called the first point; the set of points whose first and second coordinate components are the quantized values and their mapping values is called the first point set.
In a specific implementation, the quantized value X includes a plurality of quantized values x1, x2…xn in one-to-one correspondence with the feature points. For each quantized value, its corresponding mapping value is generated: y1 = f(x1), y2 = f(x2), … yn = f(xn). The error-correction codeword includes y1, y2, … yn. The first point set is {(x1,y1),(x2,y2),…(xn,yn)}. The first point is a point in the first point set.
S1201. Generate a hash point set;
In a specific implementation, the hash points in the hash point set may be randomly generated, and the first coordinate component of a hash point is not equal to any quantized value.
S1203. Determine the first auxiliary data according to the first auxiliary point set and the hash point set; a first auxiliary point in the first auxiliary point set has a first functional relationship with a first point on the first algebraic curve, the first point having the first quantized value as its first coordinate component and the first mapping value as its second coordinate component; the first coordinate component of the first auxiliary point is determined according to the first quantized value.
The first point set has already been obtained in step S1103. It can be used directly as the first auxiliary point set, in which case the first functional relationship is the identity mapping; alternatively, the first point set is transformed to obtain the first auxiliary point set, in which case the first functional relationship is determined by that transformation.
In a specific implementation, the union of the first auxiliary point set and the hash point set is used as the first auxiliary data.
In the authentication stage, enough points of the first point set need to be restored to determine the parameters of the first algebraic curve and hence the key corresponding to the first auxiliary data.
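Steps S1101 to S1203 and the authentication-stage recovery can be traced end to end in the following sketch, which uses the first point set directly as the first auxiliary point set (the identity mapping case). This is an added example, not code from the application; the prime field GF(65537), a key of k field elements used as the k coefficients of a polynomial of degree k-1, the agreement threshold that stands in for an error-correcting decoder, and all function names are assumptions.

```python
import itertools
import secrets

P = 65537               # assumed prime field modulus, larger than the grid space
GRID = 32 * 16 * 8 * 10  # grid-space size from the <i, j, θ, d> example in the text


def poly_eval(coeffs, x):
    """Evaluate f(x) = c0 + c1*x + ... over GF(P) with Horner's rule."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def lock(key, quantized, n_chaff):
    """Registration: S1101 (key -> curve), S1103 (map), S1201 (hash points), S1203 (union)."""
    vault = {x: poly_eval(key, x) for x in quantized}  # first point set
    target = len(vault) + n_chaff
    while len(vault) < target:
        x = secrets.randbelow(GRID)
        if x in vault:
            continue  # a hash point's first coordinate must not equal a quantized value
        y = secrets.randbelow(P)
        if y != poly_eval(key, x):  # keep hash points off the curve
            vault[x] = y
    return sorted(vault.items())  # sorted so storage order reveals nothing


def interpolate(points):
    """Lagrange interpolation over GF(P); coefficients returned lowest degree first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1  # basis = product of (x - xj) for j != i
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)
            for d, c in enumerate(basis):
                nxt[d] = (nxt[d] - c * xj) % P
                nxt[d + 1] = (nxt[d + 1] + c) % P
            basis, denom = nxt, denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + c * scale) % P
    return coeffs


def unlock(vault, probe, k, min_agree):
    """Authentication: pick vault points by the probe's quantized values, recover the curve."""
    table = dict(vault)
    candidates = [(x, table[x]) for x in sorted(set(probe)) if x in table]
    for subset in itertools.combinations(candidates, k):
        coeffs = interpolate(subset)
        agree = sum(1 for x, y in candidates if poly_eval(coeffs, x) == y)
        if agree >= min_agree:  # enough restored points lie on one curve
            return coeffs
    return None


if __name__ == "__main__":
    key = [secrets.randbelow(P) for _ in range(4)]
    enrolled = [101, 2048, 7777, 12345, 20000, 25001, 30303, 40000]  # constructed values
    vault = lock(key, enrolled, n_chaff=200)
    probe = enrolled[:6] + [555, 31000]  # two enrolled points missed, two spurious ones
    print("key recovered:", unlock(vault, probe, k=4, min_agree=6) == key)
```

Setting `min_agree` above k is what rejects a curve interpolated through hash points that a spurious probe value happens to select.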
For the case in which the first point set is transformed to obtain the first auxiliary point set, S120 may further include: S1202, performing fourth transformation processing on the first point to obtain the first auxiliary point in the first auxiliary point set; the fourth transformation processing is determined according to the precise descriptor and is a reversible transformation.
It can be understood that, once the auxiliary point corresponding to each point in the first point set has been determined, the first auxiliary point set made up of these auxiliary points is obtained.
For example, the first point set is {(x1,y1),(x2,y2),…(xn,yn)} and the first auxiliary point set is {(x1',y1'),(x2',y2'),…(xn',yn')}, with (xi',yi') = Φ_d(xi,yi) = (Φ_d^x(xi), Φ_d^y(xi,yi)), where i = 1-n. Here Φ_d denotes the fourth transformation processing determined according to the precise descriptor, Φ_d^x denotes the first transformation component, used to obtain the first coordinate component of the first auxiliary point, and Φ_d^y denotes the second transformation component, used to obtain the second coordinate component of the first auxiliary point. It can be understood that Φ_d may have only the second transformation component and no first transformation component, that is, xi' = xi.
It should be noted that the fourth transformation processing needs to satisfy (x,y) ↦ (Φ_d^x(x), Φ_d^y(x,y)), where Φ_d^x(x) indicates that the first transformation component is independent of the second coordinate component of the first point and may depend on the first coordinate component of the first point, and Φ_d^y(x,y) indicates that the second transformation component may depend on both the first and the second coordinate components of the first point (it may also be independent of the first coordinate component of the first point).
The fourth transformation processing needs to satisfy the above condition so that, in the authentication stage, the points of the first auxiliary point set can be identified in the auxiliary data from the quantized values corresponding to the biometric template to be authenticated. The fourth transformation processing needs to be reversible so that the corresponding point of the first point set can be restored from a first auxiliary point in the auxiliary data.
For example, when Implementation 2.1 is used twice on the same biometric template to generate first and second auxiliary data, the first algebraic curve determined from the key corresponding to the first auxiliary data is f, the second algebraic curve determined from the key corresponding to the second auxiliary data is g, and the fourth transformation processing is an XOR of the precise descriptor d with the error-correction codeword f(x)/g(x). The first auxiliary data is then
Figure PCTCN2022126690-appb-000001
Figure PCTCN2022126690-appb-000002
(where i = 1-n indexes the real minutiae, x' is a hash point and ε is random noise), and the second auxiliary data is
Figure PCTCN2022126690-appb-000003
(where i = 1-n indexes the real minutiae, x' is a hash point and δ is random noise). If the descriptor d is fuzzy, then in order to correct errors in d, the error-correction codeword f(x)/g(x) has to be encoded with a further round of error-correcting code, which gives
Figure PCTCN2022126690-appb-000004
Figure PCTCN2022126690-appb-000005
If an attacker obtains H1 and H2 and
Figure PCTCN2022126690-appb-000006
then the result is {xi, Enc(f(xi)+g(xi))} ∪ {x', Enc(f(x')+g(x'))+ε+δ}. The second coordinate component of a real minutia therefore corresponds to a codeword of the error-correcting code Enc, whereas the second coordinate component of a hash point, because the noise is random, does not necessarily correspond to a codeword. An attacker can thus filter out most of the real minutiae from the auxiliary data, which makes the biometric identification algorithm insecure. When precise descriptors are used, f(xi) and g(xi) do not need to be encoded with an error-correcting code, and this problem is avoided.
In Implementation 2.2, the second implementation of the second optional implementation manner, there is no clear boundary between steps S110 and S120, and steps S110 and S120 may be implemented as:
S1105: Determine the parameters of the first algebraic curve according to the key corresponding to the first auxiliary data. See step S1101.
S1107: Determine the parameters of the first mapping relationship according to the quantized values and the first algebraic curve;
wherein the first set and the second set are related by the first mapping relationship.
It should be noted that the first set and the second set are introduced only to describe the first mapping relationship; they do not have to be generated or stored.
A first subset of the first set is determined by the quantized values. A subset point, whose first coordinate component is a first value in the first subset and whose second coordinate component is the value in the second set that satisfies the first mapping relationship with that first value, has a second functional relationship with a second point on the first algebraic curve; the first coordinate component of the second point is the quantized value corresponding to the first value. All or most complement points, whose first coordinate component is a value in the complement of the first subset within the first set and whose second coordinate component is the value in the second set that satisfies the first mapping relationship with that value, do not have the second functional relationship with points on the first algebraic curve.
It can be understood that the first value is any value in the first subset.
In other words, the first mapping relationship must be such that the first and second coordinate components of both the subset points and the complement points satisfy the first mapping relationship, the subset points have the second functional relationship with second points on the second algebraic curve, and all or most complement points do not have the second functional relationship with points on the second algebraic curve.
Exemplarily, the first mapping relationship can be expressed as Formula 1.1:
Figure PCTCN2022126690-appb-000007
Here, an element of the first set is X, the element of the second set corresponding to X is V(X), the first algebraic curve is f(X), A is the set x1, x2, …, xn of quantized values, and i ranges from 1 to n. For subset points, the second term of Formula 1.1 is 0 and the second functional relationship is the identity mapping.
In this implementation, the first mapping relationship is a polynomial of degree n; expanding V(X) gives the coefficient of each power of X in that polynomial.
S1109: Determine the first auxiliary data according to the parameters of the first mapping relationship.
Exemplarily, the parameters of the first mapping relationship are used as the first auxiliary data; for example, the polynomial coefficients are used as the first auxiliary data.
In this implementation, the first and second coordinate components of the subset points (the real points) and of the complement points (the chaff points) satisfy the same first mapping relationship, so only the parameters of the first mapping relationship need to be stored, not the coordinates of the real points and chaff points, which greatly saves storage space.
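The enrolment and storage property of scheme 2.2 (steps S1105 to S1109), as an added Python sketch that is not code from the patent. Formula 1.1 is not reproduced on this page, so the form V(X) = f(X) + r·∏(X − x_i) over the prime field GF(65537), the random non-zero r and the brute-force subset decoder (standing in for a real error-correcting decoder) are assumptions; all sample values are constructed.

```python
import itertools
import secrets

P = 65537  # assumed prime field GF(P); the page does not fix a field


def poly_mul(a, b):
    """Multiply coefficient lists (lowest degree first) mod P."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out


def poly_eval(coeffs, x):
    """Evaluate a coefficient list at x mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def enroll(curve, quantized, r=None):
    """Expand the assumed V(X) = f(X) + r * prod(X - x_i) and return its
    n + 1 coefficients, which are the only helper data stored."""
    if len(set(quantized)) != len(quantized) or len(quantized) < len(curve):
        raise ValueError("need n distinct quantized values with n > deg f")
    r = secrets.randbelow(P - 1) + 1 if r is None else r % P
    if r == 0:
        raise ValueError("r must be non-zero mod P")
    v = [r]
    for x in quantized:
        v = poly_mul(v, [(-x) % P, 1])        # multiply by (X - x_i)
    for d, c in enumerate(curve):
        v[d] = (v[d] + c) % P                 # add f(X)
    return v


def interpolate(points):
    """Lagrange interpolation mod P through (x, y) pairs with distinct x."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                basis = poly_mul(basis, [(-xj) % P, 1])
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * c) % P
    return coeffs


def recover(helper, probe, k, min_agree):
    """Authentication: evaluate V at the probe's quantized values and look for
    a curve with k coefficients that at least min_agree of those points lie on."""
    if min_agree <= k:
        raise ValueError("min_agree must exceed k, or any k points 'agree'")
    pts = [(x, poly_eval(helper, x)) for x in dict.fromkeys(probe)]
    for subset in itertools.combinations(pts, k):
        cand = interpolate(list(subset))
        if sum(poly_eval(cand, x) == y for x, y in pts) >= min_agree:
            return cand
    return None


# Constructed sample data: a 3-coefficient curve f (the key) and 8 quantized values.
CURVE = [4242, 1337, 31415]
ENROLLED = [1021, 2048, 3077, 4099, 5120, 6151, 7177, 8209]

if __name__ == "__main__":
    helper = enroll(CURVE, ENROLLED)
    genuine = ENROLLED[:6] + [999, 12345]     # 6 matching values, 2 spurious
    print(len(helper), recover(helper, genuine, k=3, min_agree=5) == CURVE)
```

The helper holds nine coefficients regardless of how many chaff points the mapping implicitly defines, which is the storage saving the paragraph above describes.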
In a specific implementation, step S1107 includes: determining the parameters of the first mapping relationship according to the quantized values, the precise descriptors and the first algebraic curve.
When precise descriptors are used, the first mapping relationship can be determined according to the precise descriptors.
Exemplarily, the first mapping relationship can be expressed in the form of Formula 1.3 or Formula 1.5:
Figure PCTCN2022126690-appb-000008
Figure PCTCN2022126690-appb-000009
Here, an element of the first set is X, the element of the second set corresponding to X is V(X), the first algebraic curve is f(X), A is the set x1, x2, …, xn of quantized values, i ranges from 1 to n, and Φ_d is a transformation process related to the precise descriptor. The second functional relationship is determined according to Φ_d.
It can be understood that Φ_d must satisfy the same conditions as the fourth transformation process, so that in the authentication stage the subset points can be selected from the auxiliary data according to the quantized values corresponding to the biometric template to be authenticated. Φ_d must also be reversible, so that the second point can be restored from the auxiliary data. It can be understood that in Formula 1.3 and Formula 1.5, Φ_d contains only the second transformation component.
In Implementation 2.3, the third implementation of the second optional implementation manner, steps S110 and S120 may be implemented as:
S1111: Determine an error-correction codeword according to the key corresponding to the first auxiliary data;
In a specific implementation, the key corresponding to the first auxiliary data is k-dimensional and the codebook contains a plurality of n-dimensional error-correction codewords; the codeword corresponding to the key can be determined from the codewords of the codebook according to the key corresponding to the first auxiliary data.
Exemplarily, the key corresponding to the first auxiliary data is extended to an n-dimensional vector by zero padding, and the codeword in the codebook closest to that n-dimensional vector is taken as the error-correction codeword corresponding to the key. Exemplarily, the k-dimensional key corresponding to the first auxiliary data is operated on with a k*n encoding matrix to convert it into an n-dimensional vector that serves as the error-correction codeword.
S1205: Determine a permutation operation according to the biometric vector corresponding to the quantized values; apply the permutation operation to the error-correction codeword to obtain the first auxiliary data.
In this step, the permutation operation binds the error-correction codeword to the quantized values within the encoding operation, that is, it binds the key corresponding to the first auxiliary data to the biometric template.
It can be understood that the quantized values may themselves be in vector form, in which case the quantized values themselves can be regarded as the biometric vector. When the quantized values are not in vector form, they can be converted into the corresponding biometric vector.
For example, the quantized values include 64 quantized values corresponding to 64 fingerprint minutiae. The biometric data corresponding to each quantized value can be represented by the minutia position and angle i, j, θ, where i, j and θ occupy 5, 4 and 3 bits respectively, and another 6 bits indicate the minutia to which the quantized value corresponds. Each quantized value then corresponds to a 12-bit vector, and the biometric vector corresponding to the 64 quantized values as a whole is 18 bits.
Exemplarily, step S1205 can be expressed as H = K_X(c), where K_X is the permutation operation determined according to X. The permutation operation may include translation, rotation and the like relative to the biometric vector X, and may be a matrix operation with the biometric vector X. For example, the permutation operation determined according to the biometric vector corresponding to the quantized values is "
Figure PCTCN2022126690-appb-000010
", that is, an XOR with the biometric vector;
Figure PCTCN2022126690-appb-000011
essentially characterizes the translation of c relative to X. It can be understood that some permutation operations require the biometric vector X and the error-correction codeword c to have the same length.
Exemplarily, the result of the permutation operation can be used directly as the first auxiliary data, that is, H = K_X(c), or it can be used as the first auxiliary data after subsequent transformation processing.
In a specific implementation in which the first auxiliary data is obtained by subsequent transformation processing of the permutation result, applying the permutation operation to the error-correction codeword to obtain the first auxiliary data includes:
S1205a: Apply the permutation operation to the error-correction codeword to obtain a permutation result;
S1205b: Perform a fifth transformation process on the permutation result to obtain the first auxiliary data. The fifth transformation process is determined according to the precise descriptor and is a reversible transformation, so that the permutation result, and from it the key corresponding to the first auxiliary data, can be restored from the first auxiliary data.
Exemplarily, the variable of the fifth transformation process may be the permutation result K_X(c) (in which case H = Φ_d(K_X(c))), or the permutation result K_X(c) together with the biometric vector X (in which case H = Φ_d(X, K_X(c))).
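Key binding and release for scheme 2.3 (steps S1111 and S1205) with XOR as the permutation operation, as an added Python sketch that is not code from the patent. The Hamming(7,4) generator matrix standing in for the k*n encoding matrix, the bit vectors and all function names are assumptions constructed for illustration.

```python
import secrets

# Assumed code: systematic Hamming(7,4), applied block by block. G plays the
# role of the k*n encoding matrix; H_CHECK is its parity-check matrix.
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
H_CHECK = [
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]
COLUMNS = list(zip(*H_CHECK))  # syndrome -> position of a single flipped bit


def new_key(nbits):
    """Fresh random key; re-enrolling with a new key revokes the old helper."""
    return [secrets.randbits(1) for _ in range(nbits)]


def encode(key_bits):
    """S1111: map the key to a codeword, 4 key bits -> 7 code bits."""
    if len(key_bits) % 4:
        raise ValueError("key length must be a multiple of 4 bits")
    word = []
    for i in range(0, len(key_bits), 4):
        block = key_bits[i:i + 4]
        word += [sum(b & g for b, g in zip(block, col)) % 2 for col in zip(*G)]
    return word


def decode(word):
    """Correct up to one flipped bit per 7-bit block and return the key bits."""
    if len(word) % 7:
        raise ValueError("word length must be a multiple of 7 bits")
    key = []
    for i in range(0, len(word), 7):
        block = list(word[i:i + 7])
        syndrome = tuple(sum(h & b for h, b in zip(row, block)) % 2
                         for row in H_CHECK)
        if any(syndrome):
            block[COLUMNS.index(syndrome)] ^= 1
        key += block[:4]
    return key


def xor(a, b):
    """Bitwise XOR; the vector and the codeword must have the same length."""
    if len(a) != len(b):
        raise ValueError("biometric vector and codeword must have equal length")
    return [x ^ y for x, y in zip(a, b)]


def bind(key_bits, bio_vector):
    """S1205 with K_X = XOR: helper data H = X xor c."""
    return xor(bio_vector, encode(key_bits))


def release(helper, probe_vector):
    """Authentication: X' xor H = c xor (X xor X'), then decode to the key."""
    return decode(xor(helper, probe_vector))


# Constructed sample data: a 14-bit biometric vector and an 8-bit key.
ENROLLED = [1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1]
KEY = [1, 0, 1, 1, 0, 1, 1, 0]

if __name__ == "__main__":
    helper = bind(KEY, ENROLLED)
    noisy = list(ENROLLED)
    noisy[2] ^= 1
    noisy[10] ^= 1                            # one flipped bit per block
    print(release(helper, noisy) == KEY)
    print(bind(new_key(8), ENROLLED))         # same template, new helper data
```

Two or more flipped bits inside one 7-bit block decode to a different key, so the release fails outright instead of returning a nearly correct key.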
When step S430 is implemented through the third optional implementation manner, precise descriptors may be used in S129 and S140.
For the manner and effect of using precise descriptors in S129, see the description of S109; details are not repeated here.
In Implementation 3.1 of the third optional implementation manner, steps S130-S150 may be implemented as:
S1301: Randomly determine an error-correction codeword;
S1401: Determine a permutation operation according to the biometric vector corresponding to the quantized values; apply the permutation operation to the error-correction codeword to obtain the first auxiliary data;
This implementation is similar to Implementation 2.3, except that the error-correction codeword is determined randomly rather than according to the key corresponding to the first auxiliary data.
S150: Generate the key corresponding to the first auxiliary data according to the quantized values.
Exemplarily, a k-dimensional key is generated from the quantized values and a random quantity, so that different keys can be generated from the same biometric template. Exemplarily, the random quantity is included in the first auxiliary data.
In Implementation 3.2 of the third optional implementation manner, steps S130-S150 may be implemented as:
S1303: Determine the codeword closest to the biometric vector corresponding to the quantized values as the error-correction codeword;
S1403: Obtain the first auxiliary data according to the difference between the biometric vector and the error-correction codeword.
Exemplarily, the biometric vector is X, the error-correction codeword is C, and H = X - C.
S150: Generate the key corresponding to the first auxiliary data according to the quantized values. See the description of S150 in Implementation 3.1.
It can be understood that in steps S1401 and S1403, the permutation result or the computed difference can be used directly as part of the first auxiliary data, or the result of subsequent transformation processing applied to it can be used as part of the first auxiliary data. It can be understood that the first auxiliary data may also include the random quantity used when generating the key corresponding to the first auxiliary data from the quantized values.
Exemplarily, obtaining the first auxiliary data in steps S1401 and S1403 includes: obtaining the first auxiliary data through a sixth transformation process, which is determined according to the precise descriptor and is reversible. For a description of the sixth transformation process, see the fifth transformation process.
It can be understood that if the fourth transformation process, Φ_d in Implementation 2.2, the fifth transformation process or the sixth transformation process depends on the descriptor and the descriptor is fuzzy, then in the authentication stage the fuzziness of the descriptor must be error-corrected first and the fuzziness of the quantized values must be error-corrected as well. Using precise descriptors reduces the two layers of error correction to one, which increases decoding speed.
In a specific implementation, the acquisition and use of the key corresponding to the first auxiliary data or of other keys (for example step S430, or the part of S430 that involves the quantized values and the key corresponding to the first auxiliary data) and/or their transmission (for example from the terminal to the server) are all executed in the TEE (Trusted Execution Environment) of the terminal device. This ensures that the key does not leave the TEE and is not leaked, further ensuring the security of the biometric system.
Because the image to be processed includes a biometric region and therefore also involves user privacy, it is naturally desirable for the whole process, from acquisition of the image to be processed through preprocessing, obtaining the biometric template and deriving the auxiliary data from the biometric template, to be carried out in the TEE. However, the TEE is limited in both computing power and storage space, and executing every step in the TEE is difficult to achieve; in that case the steps can be executed in the TEE according to certain priorities. In a specific implementation, step S420 is divided into sub-steps in one of the following two ways, and each sub-step is executed in the TEE with a certain priority:
Division 1: step S420 includes: determining a first intermediate result according to the first biometric region, and determining the first biometric template according to the first intermediate result;
wherein determining the first intermediate result according to the first biometric region is executed in the trusted execution environment with a first priority, and determining the first biometric template according to the first intermediate result is executed in the trusted execution environment with a second priority.
This approach divides step S420 into two stages. When TEE resources are sufficient, both stages can be executed in the TEE; otherwise the two stages are executed in the TEE according to their priorities.
Division 2: determining a second intermediate result according to the first biometric region; determining a third intermediate result according to the second intermediate result; determining the first biometric template according to the third intermediate result;
wherein determining the second intermediate result according to the first biometric region is executed in the trusted execution environment with the first priority; determining the first biometric template according to the third intermediate result is executed in the trusted execution environment with the second priority; and determining the third intermediate result according to the second intermediate result is executed in the trusted execution environment with a third priority.
This approach divides step S420 into three stages. When TEE resources are sufficient, all three stages can be executed in the TEE; otherwise the three stages are executed in the TEE according to their priorities.
The third priority is lower than the first priority and lower than the second priority. No restriction is placed on which of the first and second priorities is higher; "first" and "second" do not indicate priority order.
It can be understood that steps not executed in the TEE are executed in the REE. On the one hand, the process of applying shallow transformations to the first biometric region to obtain an intermediate result is strongly correlated with the first biometric region and involves user privacy, so it should be placed in the TEE with high priority (the first priority). On the other hand, given that step S430 is already executed in the TEE, executing in the TEE the part of step S420 that is closely connected to step S430 does not increase the communication cost between the TEE and the REE, so it can be considered for placement in the TEE with high priority (the second priority). Based on these two considerations, in Division 2 the step of determining the third intermediate result according to the second intermediate result is neither a step strongly correlated with the first biometric region nor a step closely connected to step S103, and can be executed in the TEE with the lowest priority. Which of the first and second priorities is higher can be chosen according to whether stronger protection of the data strongly correlated with the first biometric region or a lower communication cost between the TEE and the REE is preferred.
Embodiment Three
Based on the same concept, the embodiments of the present disclosure also provide a privacy-protected image processing apparatus corresponding to the privacy-protected image processing method. Because the apparatus solves the problem on the same principle as the foregoing embodiments of the privacy-protected image processing method, the implementation of the apparatus in this embodiment can refer to the description of the method embodiments above, and repeated content is not described again.
Each module of the privacy-protected image processing apparatus in this embodiment is used to execute the corresponding step of the above method embodiment. As shown in FIG. 5, the privacy-protected image processing apparatus in this embodiment may include a first acquisition module 510, a first determination module 520 and an encoding module 530, wherein:
the first acquisition module 510 is configured to acquire an image to be processed, the image to be processed including a first biometric region, and the first biometric region including a plurality of first feature points;
the first determination module 520 is configured to determine, according to the first biometric region, a first biometric template of the first biometric region, the first biometric template including a plurality of biometric data corresponding to the plurality of first feature points;
the encoding module 530 is configured to perform an encoding operation according to the first biometric template to obtain first auxiliary data, wherein the encoding operation includes an irreversible transformation.
Embodiment Four
This embodiment of the present disclosure provides an identity registration method 600, which is applied to a terminal device. The specific flow of this embodiment is described in detail below with reference to the steps of the identity registration method 600.
Step 610: Determine the first auxiliary data in the registration information of the object to be registered by means of the privacy-protected image processing method 400.
The privacy-protected image processing method mentioned in this embodiment may be the one provided in Embodiment Two, so for how the first auxiliary data in this embodiment is obtained, refer to the description in Embodiment Two; details are not repeated here.
The object to be registered is the target object that needs to be registered before authentication.
The registration method of this embodiment may also include storing the registration information in a database on the terminal device or in a database of a server communicatively connected to the terminal device.
When the first auxiliary data in the registration information is determined according to the first implementation of step S430, the registration information may include only the first auxiliary data, and the authentication result is determined by comparing the auxiliary data to be authenticated, generated in the authentication stage, with the first auxiliary data. When the first auxiliary data in the registration information is determined according to the second or third implementation of step S430, the key to be authenticated can be determined in the authentication stage from the error-correction decoding result, and the authentication result is determined by verifying the key to be authenticated against the key corresponding to the first auxiliary data. When the first auxiliary data in the registration information is determined according to the second or third implementation of step S430, biometric features can additionally be combined with other factors for multi-factor authentication to further improve system security. One possible multi-factor authentication scheme is as follows: in the registration stage, the key corresponding to the first auxiliary data and the other factors undergo a transformation process to obtain a first multi-factor key; in the authentication stage, the key to be authenticated corresponding to the auxiliary data is decoded, the other factors are obtained again, the key to be authenticated and the other factors obtained in the authentication stage undergo the same transformation process as in the registration stage to obtain a multi-factor key to be authenticated, and the authentication result is determined by verifying the multi-factor key to be authenticated against the first multi-factor key. It can be understood that when multi-factor authentication is used, the key to be authenticated may be verified in addition to the multi-factor key to be authenticated.
When the first auxiliary data in the registration information is determined according to the second or third implementation of step S430, the key to be authenticated and/or the multi-factor key to be authenticated must be verified in the authentication stage, so the registration information must also include the information required for that verification.
In a specific implementation, verifying a key may include verifying it by comparing hash values of the key. In that case the registration information may further include a first hash value generated from the key corresponding to the first auxiliary data and/or a second hash value generated from the first multi-factor key; the first and second hash values are used in the authentication stage to verify the key to be authenticated and the multi-factor key to be authenticated, respectively. It can be understood that the first and second hash values may be determined from the key alone, from the key and default hash parameters, or from the key and set (non-default) hash parameters, where the hash parameters include a salt value and/or the number of rounds of the hash operation. When set hash parameters are used for the hash operation, different hash parameters can be used for different users to be registered, or for different application scenarios of the same user, so that the biometric system satisfies revocability to a greater extent. It can be understood that when set hash parameters are used for the hash operation, the registration information must additionally include the hash parameters, so that in the authentication stage the decoded key to be authenticated, or the multi-factor key to be authenticated determined from it, is hashed with the same hash parameters.
Based on the above description, in addition to the first auxiliary data, the registration information may include, without limitation, the following: (1) the first hash value; (2) the first hash value + the first hash parameters; (3) the second hash value; (4) the second hash value + the second hash parameters; (5) the first hash value + the second hash value; (6) the first hash value + the first hash parameters + the second hash value + the second hash parameters.
If the registration information further includes the first hash value, the identity registration method in this embodiment may correspondingly further include:
Step 611: perform a hash operation on the key corresponding to the first auxiliary data to determine the first hash value in the registration information. The hash operation on the key corresponding to the first auxiliary data may also be a hash operation on that key and the first hash parameter.
If the registration information further includes the second hash value, the identity registration method in this embodiment may correspondingly further include:
Step S612: perform the ninth transformation process on the key corresponding to the first auxiliary data and the first transformation key to obtain the first multi-factor key. Step S613: perform a hash operation on the first multi-factor key to determine the second hash value in the registration information. The hash operation on the first multi-factor key may also be a hash operation on the first multi-factor key and the second hash parameter.
As described above, this implementation corresponds to a multi-factor authentication scenario. The other factors may be other biometric features, a user password, and so on; preferably, the other factors are exact rather than fuzzy. The embodiments of the present disclosure take a user password as the other factor by way of example: the user password is used directly as the first transformation key, or the first transformation key is generated from the received user password. Generating the first transformation key from the user password means, for example, applying one or more of format conversion, digit padding, and addition of check information to the user password.
Exemplarily, the key corresponding to the first auxiliary data and the first transformation key may be combined through the ninth transformation process, which may be any reversible or irreversible transformation. For example, the ninth transformation process may be symmetric encryption of the first transformation key using the key corresponding to the first auxiliary data, or symmetric encryption of the key corresponding to the first auxiliary data using the first transformation key. Compared with authenticating multiple independent factors separately, combining the factors means that in the authentication phase a single verification of the combined result determines whether all of the independent factors are correct.
Exemplarily, performing the ninth transformation process on the key corresponding to the first auxiliary data and the first transformation key to obtain the first multi-factor key may include: performing the ninth transformation process on the key corresponding to the first auxiliary data and the first transformation key, and adding check information to the transformation result to obtain the first multi-factor key. For example, redundant bits are determined from the transformation result, and the first multi-factor key includes the transformation result and the redundant bits.
It can be understood that the registration information may also include both the first hash value and the second hash value, so that both the key to be authenticated and the multi-factor key to be authenticated are verified. In this case, the identity registration method includes step S611, step 612 and step 613.
In an optional implementation, before the key is verified by hash value, a preliminary check may be performed on the key, and only keys that pass the preliminary check go on to subsequent verification. It can be understood that the preliminary check consumes less computing power and/or requires less network communication than the subsequent verification; narrowing the set of keys that need subsequent verification through the preliminary check improves authentication efficiency.
Exemplarily, the preliminary check may be performed using check information contained in the key to be authenticated or the multi-factor key to be authenticated itself (for example, redundant bits contained in the key), or using an additional check value. When an additional check value is used for the preliminary check of the key to be authenticated and/or the multi-factor key to be authenticated, the registration information may further include a first check value corresponding to the key corresponding to the first auxiliary data and/or a second check value corresponding to the first multi-factor key (for example, a check value is the result of an operation on the values of some or all bits of the key). The first check value and/or the second check value must be stored in association with the corresponding first auxiliary data. Correspondingly, the identity registration method provided by the embodiments of the present disclosure may further include: generating the first check value from the key corresponding to the first auxiliary data and/or generating the second check value from the first multi-factor key.
In a specific implementation, the database used to store registration information includes a first data table and a second data table. The first data table stores, in association, the first auxiliary data corresponding to the object to be registered and other registration information of the object to be registered, where the other registration information includes at least one of: the first index feature, the first hash parameter, the second hash parameter, noise information, and a check value. The second data table stores, in association, the user identifier of the object to be registered and the first hash value or second hash value corresponding to the object to be registered.
The user identifier is to be understood broadly and includes information such as the user's name and ID document number. Sensitive information, such as low-discrimination features extracted from the image to be processed used at registration, low-discrimination features extracted from the first biometric template, low-discrimination features extracted from the quantized value, and the registration time, is often stored in association with the first auxiliary data to facilitate screening of the first auxiliary data. To avoid associating the user identifier with sensitive information, when the first auxiliary data is stored in association with sensitive information, the user identifier is usually stored separately from the first auxiliary data. Exemplarily, the first auxiliary data may be stored in the first data table in association with the sensitive information, hash parameters, check values and similar information, and the user identifier may be stored in the second data table in association with the first hash value and/or the second hash value. The user identifier can then be determined in the second data table from the matching hash value only after it has been determined that a base library first hash value matches the to-be-authenticated hash value of the key to be authenticated, and/or that a base library second hash value matches the to-be-authenticated multi-factor hash value of the multi-factor key to be authenticated.
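The registration and verification flow described above (per-record hash parameters, a multi-factor key, a cheap preliminary check, and the two separated tables) can be sketched as follows. This is an added example, not code from the patent: PBKDF2-HMAC-SHA256 as the salted, multi-round hash, HMAC-SHA256 as an irreversible ninth transformation, an 8-bit CRC-derived check value, and all function and field names are assumptions, and the decoded candidate keys are taken as given.

```python
import hashlib
import hmac
import os
import zlib


class RegistrationDB:
    """Two separated tables, as in the two-table layout described above."""

    def __init__(self):
        self.table1 = []  # auxiliary data, hash parameters, check value; no user identifier
        self.table2 = []  # (hash value, user identifier); no auxiliary data


def transform_key(password):
    # Assumption: "format conversion + padding" modelled as SHA-256 of the UTF-8 password.
    return hashlib.sha256(password.encode("utf-8")).digest()


def final_key(bio_key, password=None):
    """Return the key that gets hashed: the biometric key alone, or the multi-factor key."""
    if password is None:
        return bio_key
    # Assumption: the "ninth transformation" is an irreversible keyed combination.
    return hmac.new(transform_key(password), bio_key, hashlib.sha256).digest()


def check_value(key):
    # Cheap preliminary check value. It reveals 8 bits about the key, so keep it short.
    return zlib.crc32(key) & 0xFF


def hash_key(key, salt, rounds):
    # Hash parameters = salt + number of rounds, stored per record.
    return hashlib.pbkdf2_hmac("sha256", key, salt, rounds)


def register(db, user_id, aux_data, bio_key, password=None, rounds=2000):
    salt = os.urandom(16)  # fresh parameters per registration support revocation
    key = final_key(bio_key, password)
    db.table1.append({"aux": aux_data, "salt": salt, "rounds": rounds,
                      "check": check_value(key)})
    db.table2.append((hash_key(key, salt, rounds), user_id))


def authenticate(db, decoded_keys, password=None):
    """decoded_keys maps a table1 row index to the candidate key decoded from that row.

    Returns (user identifier or None, number of expensive hash operations performed).
    """
    hashed = 0
    for idx, candidate in decoded_keys.items():
        rec = db.table1[idx]
        key = final_key(candidate, password)
        if check_value(key) != rec["check"]:
            continue  # preliminary check failed: skip the expensive hash
        digest = hash_key(key, rec["salt"], rec["rounds"])
        hashed += 1
        for stored, user_id in db.table2:
            if hmac.compare_digest(stored, digest):
                return user_id, hashed
    return None, hashed


if __name__ == "__main__":
    db = RegistrationDB()
    key_a = bytes(range(32))      # constructed sample key
    register(db, "alice", b"aux-a", key_a, "correct horse")
    print(authenticate(db, {0: key_a}, "correct horse"))
    print(authenticate(db, {0: key_a}, "wrong password"))
```

A single comparison of the multi-factor hash rejects a wrong biometric key and a wrong password alike, and re-registering the same key draws a new salt, so the stored hash changes.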
In a specific implementation, Embodiment 4 may further include step S614: the terminal device performs feature extraction on the first biometric region to obtain a first index feature, where the discrimination of the first index feature is lower than that of the first biometric template.
Exemplarily, the discrimination of the index feature is at least one order of magnitude lower than that of the first biometric template, and the index feature may take the form of a vector or a graph. The index feature only needs enough discrimination to reduce a large base library to a sufficiently small candidate list (that is, to reduce the amount of data to be compared). A candidate list is sufficiently small when, given the computing power of the device, the total time spent in the authentication phase comparing the to-be-authenticated biometric template of the object to be authenticated against each record in the candidate list is within an acceptable range. For example, if comparing the biometric template to be authenticated against a single record takes 20 ms and the acceptable range is 1 s, the candidate list must be reduced to 50 records for the total comparison time to fall within the acceptable range. The discrimination of the index feature must not be too high; otherwise, storing the index feature unencrypted would leak private information.
Exemplarily, the index feature may be a macroscopic feature or a global feature. Exemplarily, when the biometric feature is a fingerprint/palm print or a finger/palm vein, the index feature may be at least one of: global descriptive information of the fingerprint/palm print or finger/palm vein, information on the shape of the fingers and palm, finger knuckle lines, and information on the coarse lines of the palm.
In this case, the registration information further includes the first index feature. The first index feature of the object to be registered is stored in association with the first auxiliary data of the object to be registered, so that in the authentication phase the first index feature is used to determine whether the first auxiliary data is taken as base library auxiliary data.
In this way, the registration phase of biometric recognition obtains both the first auxiliary data corresponding to the highly discriminative first biometric template and a low-discrimination index feature, so that in the authentication phase the index feature can be used for preliminary screening and the first auxiliary data for fine screening. On the one hand, because the index feature has low discrimination, it can be stored without a complex irreversible transformation and still not leak private information, and it can be compared in the authentication phase without error-correcting-code decoding, so comparison using the index feature is fast. By contrast, comparison using auxiliary data involves the decoding operation corresponding to the irreversible transformation/encoding operation and is slow. Comparing the fast index features first quickly and substantially shrinks the candidate list, so that performing the slow irreversible transformation/decoding operation only within the candidate list does not significantly affect performance. At the same time, the index feature discriminates poorly and the biometric template discriminates well; the final authentication result is determined by the biometric template, which ensures authentication accuracy. On the other hand, because the index feature discriminates poorly, even if the biometric system is breached and the index feature is leaked, a specific object cannot be identified from the index feature; and because the first auxiliary data is obtained through an irreversible transformation, even if the first auxiliary data is leaked, the first biometric template cannot be obtained from it by inverting the irreversible transformation. The method of the embodiments of the present invention therefore has high security. It can be seen that the method of the embodiments of the present invention balances performance, accuracy and security.
In a specific implementation, to further improve the security of the first index feature and to control the size of the candidate list, noise may be added to the first index feature. For example, in the authentication phase, the second index feature of the object to be authenticated, Zhang San, is used for preliminary screening. If no noise was added to Zhang San's first index feature at registration and the distance between the first index feature and the second index feature is 5, the preliminary screening condition may be "index features whose distance from the second index feature is not greater than 5", and the base library returns, for example, 20 preliminary screening results. If a certain amount of noise was added to Zhang San's first index feature at registration, so that the distance between the noise-added first index feature and the second index feature is 10, the preliminary screening condition may be "index features whose distance from the second index feature is not greater than 10". An overly strict preliminary screening condition can no longer be used, because it would filter out the true match at the preliminary screening stage; the base library now returns, for example, 50 preliminary screening results. It can be seen that as the strength of the noise added to the first index feature increases, the preliminary screening condition is relaxed to avoid missing the true match, the number of records in the candidate list grows, sending the auxiliary data corresponding to the screened index features to the terminal takes longer, and fine screening takes longer, but the security of the first index feature improves. The specific noise information (at least one of the noise-adding method and the noise strength) can be chosen by weighing the requirement on total comparison time against the security requirement on the first index feature. The method/strength of adding noise may be fixed, or may be determined from at least one factor of the noise-adding decision information, such as performance information of the terminal device, network information between the terminal device and the server, and the expected security level.
If noise information is added to the first index feature, the steps are: obtaining the noise-adding decision information, determining the noise information from the noise-adding decision information, and adding noise to the first index feature according to the noise information. Each step may be performed by the terminal device or by the server; which one performs it depends on considerations such as operational efficiency and security. In this case, if the noise information added to the first index features of the objects to be registered differs, the registration information of an object to be registered further includes the noise information stored in association with the first auxiliary data, so that in the authentication phase the distance condition that decides whether that first auxiliary data passes screening is determined dynamically from the noise information.
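Preliminary screening with a per-record, noise-dependent distance condition, together with the candidate-list budget from the 20 ms / 1 s example, can be sketched as follows. This is an added example, not code from the patent: Euclidean distance, noise bounded in norm by the stored strength (so the threshold can be relaxed by exactly that strength), and all function and field names are assumptions, and the sample features are constructed.

```python
import math
import random


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def add_bounded_noise(feature, strength, rng):
    """Shift the feature by a random vector whose norm is at most `strength`."""
    if strength == 0:
        return list(feature)
    direction = [rng.gauss(0, 1) for _ in feature]
    norm = math.sqrt(sum(d * d for d in direction))
    radius = strength * rng.random()
    return [x + radius * d / norm for x, d in zip(feature, direction)]


def enroll(table, aux_id, index_feature, strength, rng):
    # The noise strength is stored next to the noisy index feature and the
    # auxiliary-data reference; no user identifier is stored here.
    table.append({"aux_id": aux_id,
                  "index": add_bounded_noise(index_feature, strength, rng),
                  "noise_strength": strength})


def preliminary_screen(table, probe, base_threshold, use_noise_info=True):
    """Return the aux_ids whose stored index feature passes the distance condition.

    With use_noise_info=True the condition is relaxed per record by the stored
    noise strength; by the triangle inequality the true match is then never lost.
    """
    passed = []
    for rec in table:
        limit = base_threshold + (rec["noise_strength"] if use_noise_info else 0)
        if distance(probe, rec["index"]) <= limit:
            passed.append(rec["aux_id"])
    return passed


def max_candidates(budget_ms, per_record_ms):
    """Largest candidate list whose fine screening fits the time budget."""
    return budget_ms // per_record_ms


def simulate(strength, seed=7, population=300, dim=8, base_threshold=5.0):
    """Constructed base library: returns (true match kept?, candidate list size)."""
    rng = random.Random(seed)
    table = []
    clean_target = [rng.uniform(0, 20) for _ in range(dim)]
    enroll(table, "target", clean_target, strength, rng)
    for i in range(population):
        enroll(table, "aux-%d" % i, [rng.uniform(0, 20) for _ in range(dim)],
               strength, rng)
    # The probe is a fresh capture of the same person, within 0.8 * base_threshold.
    probe = add_bounded_noise(clean_target, 0.8 * base_threshold, rng)
    candidates = preliminary_screen(table, probe, base_threshold)
    return "target" in candidates, len(candidates)


if __name__ == "__main__":
    for strength in (0.0, 5.0, 10.0):
        kept, size = simulate(strength)
        print("noise=%.0f kept=%s candidates=%d budget=%d"
              % (strength, kept, size, max_candidates(1000, 20)))
```

Running it shows how the candidate list size changes with the noise strength and whether it still fits the 50-record budget, which is the trade-off the noise information is meant to tune.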
Embodiment 5
Based on the same concept, the embodiments of the present disclosure further provide an identity registration apparatus corresponding to the identity registration method. Because the apparatus solves the problem on a principle similar to that of the foregoing identity registration method embodiment, its implementation may refer to the description of the method embodiment above; repeated details are omitted.
The modules of the identity registration apparatus in this embodiment are used to perform the steps of the method embodiment above. The identity registration apparatus includes a second determination module.
The second determination module is configured to determine the first auxiliary data in the registration information of the object to be registered by the privacy-protecting image processing method provided in the embodiments above.
Embodiment 6
An embodiment of the present disclosure provides an identity authentication method 700. The method of this embodiment may be performed by a terminal device. The device that performs the identity authentication method may be the same as or different from the device that performs the registration method. The specific flow of identity authentication method 700 is described in detail below.
Step 710: obtain an image to be authenticated of the object to be authenticated.
The image to be authenticated includes a second biometric region, and the second biometric region includes a plurality of second feature points.
In this embodiment, the image to be authenticated may be obtained in the same way as the image to be processed in the embodiments above.
Step 720: determine, from the second biometric region, the biometric template to be authenticated of the second biometric region.
It should be noted that the biometric template to be authenticated is to be understood broadly: it may include the biometric representations corresponding to the plurality of second feature points, or it may include intermediate results used to determine those biometric representations.
It can be understood that if the decoding operation is completed on the terminal, the biometric template to be authenticated may include the biometric representations corresponding to the plurality of second feature points. For example, at registration, the first biometric template is determined from the first biometric region through feature extraction steps a-e; at authentication, the biometric template to be authenticated is determined through steps a-e. If the decoding operation is completed on the server, the biometric template to be authenticated extracted by the terminal may include the biometric representations corresponding to the plurality of second feature points, or it may include intermediate results used to determine those representations; in the latter case the server determines the biometric representations corresponding to the plurality of second feature points from the intermediate results and performs the subsequent steps. For example, at registration, the first biometric template is determined from the first biometric region through feature extraction steps a-e; at authentication, the terminal device may determine the biometric template to be authenticated through steps a-b with the server completing steps c-e, or the terminal device may determine the biometric template to be authenticated through steps a-e.
That is, the terminal device may determine the biometric template to be authenticated of the second biometric region from the second biometric region using at least the first half of the same feature extraction steps that are used to determine the first biometric template from the first biometric region.
Step 730: obtain the identity authentication result of the object to be authenticated.
The identity authentication result is determined from the biometric template to be authenticated and the base library auxiliary data. The base library auxiliary data includes at least one first auxiliary data; the first auxiliary data is determined by identity registration method 600.
The database used to store registration information may be located on the terminal, or it may be located on the server or obtained by the server. When the database is located on the terminal, all steps of determining the identity authentication result from the biometric template to be authenticated and the base library auxiliary data are completed by the terminal. When the database is located on the server or obtained by the server, some steps are completed by the terminal and some by the server; in this case it is preferable to transmit between the terminal and the server only data that does not involve user privacy, such as auxiliary data and hash values corresponding to keys. Transmitting data such as biometric templates, quantized values and keys is not recommended; if such data must be transmitted, a secure channel is required.
Corresponding to the first to third implementations of step S430, the identity authentication result of the object to be authenticated may be determined from the biometric template to be authenticated and the base library auxiliary data in different ways. For the second and third implementations of step S430, authentication may be performed in either a non-multi-factor or a multi-factor manner. Each is described below:
First, S730 corresponding to the second implementation (steps S109, S110-S120) or the third implementation (steps S129, S130-S150) of step S430 is described.
In a specific implementation with non-multi-factor authentication and decoding on the terminal, step S730 includes:
S740: obtain the base library auxiliary data. If the database used to store registration information is located on the terminal, the terminal obtains the base library auxiliary data directly from itself; otherwise it receives the base library auxiliary data from the server.
For the 1:N case, the base library auxiliary data may be all of the first auxiliary data in the stored registration information, or the first auxiliary data remaining after preliminary screening. For example, the base library auxiliary data is screened out of the full set of first auxiliary data according to limiting factors such as the user identifier, device identifier, registration time, authentication time, authentication location, low-discrimination features extracted from the image to be authenticated, low-discrimination features extracted from the biometric template to be authenticated, and low-discrimination features extracted from the quantized value to be authenticated. For the 1:1 case, the base library auxiliary data may be the first auxiliary data uniquely determined from the user identifier, device identifier, and the like. It can be understood that if limiting factors are used for preliminary screening of the auxiliary data, the limiting factors must be stored in association with the first auxiliary data, so that the first auxiliary data meeting the limiting factors can be screened out as the base library auxiliary data.
S750: quantize the biometric template to be authenticated to obtain a quantized value to be authenticated.
S760: perform, on the quantized value to be authenticated and the base library auxiliary data, the decoding operation corresponding to the encoding operation, and determine at least one key to be authenticated corresponding to at least one first auxiliary data contained in the base library auxiliary data.
S770: verify the key to be authenticated and determine the identity authentication result of the object to be authenticated. The identity authentication result may include authentication success or failure. If the database used to store registration information is located on the terminal, the information used to verify the key to be authenticated (for example, the first hash value) is also located on the terminal, and the terminal performs the verification itself. If the database is located on the server or obtained by the server, and the server has delivered to the terminal the information for verifying the key to be authenticated, the terminal performs the verification itself. If the database is located on the server or obtained by the server, and the server has not delivered to the terminal the information for verifying the key to be authenticated, the server performs the verification (for example, the terminal sends the hash value of the key to be authenticated to the server, and the server verifies using that hash value).
Specifically, the key to be authenticated may be verified using its hash value. In this case, the registration information stores the first auxiliary data and the corresponding first hash value. S770 may include: determining, for some or all of the keys to be authenticated, the corresponding hash values to be authenticated, and determining the identity authentication result of the object to be authenticated from the hash values to be authenticated.
For a given hash value to be authenticated, if among the base library first hash values there is one that matches it, the verification result for the key to be authenticated corresponding to that hash value is a pass. A base library first hash value is the first hash value corresponding to a first auxiliary data contained in the base library auxiliary data.
It can be understood that when the base library first hash values are located on the terminal, the terminal determines whether any of them matches the hash value to be authenticated; when they are not located on the terminal, the terminal sends the hash value to be authenticated to the server, and the server determines whether any of the base library first hash values matches it.
Determining the corresponding hash values to be authenticated for all of the keys to be authenticated means computing the hash value of every key to be authenticated; determining them for some of the keys to be authenticated means computing the hash values of only some of the keys. For example, a preliminary check is performed on the keys to be authenticated to obtain those that pass, and hash values are computed for the keys that pass the preliminary check.
In a specific implementation with multi-factor authentication in which the terminal performs the decoding, step S730 includes:
S740: obtain the auxiliary data of the base library.
S750: perform quantization according to the biometric template to be authenticated to obtain the quantized value to be authenticated.
S760: according to the quantized value to be authenticated and the auxiliary data of the base library, perform the decoding operation corresponding to the encoding operation, and determine at least one key to be authenticated corresponding to at least one first auxiliary data contained in the auxiliary data of the base library.
S780: obtain the multi-factor key to be authenticated from some or all of the keys to be authenticated and the second transformation key.
The second transformation key is determined from the user password received in the authentication stage, for example by using that password directly as the second transformation key or by generating the second transformation key from it. Generating the second transformation key from the user password means, for example, applying one or more of format conversion, digit padding, and addition of check information to the user password. It can be understood that the second transformation key is determined from the user password in the authentication stage in the same way that the first transformation key is determined from the user password in the registration stage.
It can be understood that in the registration stage the key corresponding to the first auxiliary data and the first transformation key serve as the variables of the ninth transformation processing, while in the authentication stage the key to be authenticated and the second transformation key serve as its variables. That is, the ninth transformation processing uses different variables in the registration stage and the authentication stage, but the same parameters.
The multi-factor key to be authenticated may be determined from every key to be authenticated, from the subset of keys to be authenticated that passed preliminary verification, or from the keys to be authenticated that passed verification. In the last case, the keys to be authenticated must be verified before the multi-factor key to be authenticated is determined, and the registration information contains information, such as the first hash value, used to verify the keys to be authenticated.
S790: verify the multi-factor key to be authenticated, and determine the identity authentication result of the object to be authenticated. For a description of this step, refer to S770.
Specifically, the multi-factor key to be authenticated can be verified using its hash value. In this case, the first auxiliary data and the second hash value are stored in correspondence in the registration information. S790 may include: determining the corresponding multi-factor hash values to be authenticated from some or all of the multi-factor keys to be authenticated, and determining the identity authentication result of the object to be authenticated from the multi-factor hash values to be authenticated.
For a given multi-factor hash value to be authenticated, if the second hash values of the base library contain one that matches it, the verification result of the multi-factor key to be authenticated corresponding to that hash value is "verification passed". The second hash values of the base library are the second hash values corresponding to the first auxiliary data contained in the auxiliary data of the base library; the second hash value is included in the registration information.
Likewise, the step of determining whether a matching second hash value exists in the base library can be performed by the terminal or by the server.
Determining the corresponding multi-factor hash values to be authenticated from all of the multi-factor keys to be authenticated means that a hash value is calculated for every multi-factor key to be authenticated. Determining them from some of the multi-factor keys to be authenticated means that hash values are calculated for only part of the multi-factor keys. For example, a preliminary verification is performed on the multi-factor keys to be authenticated, and hash values are calculated only for the multi-factor keys that pass the preliminary verification.
In an implementation in which the terminal device does not need to perform decoding, step S730 includes:
S800: send the biometric template to be authenticated or the quantized value to be authenticated to the server through a secure channel. The quantized value to be authenticated is obtained by quantization according to the biometric template to be authenticated; if the biometric template to be authenticated is sent to the server, the server performs the quantization to obtain the quantized value to be authenticated.
S810: receive the identity authentication result of the object to be authenticated sent by the server. The identity authentication result may be authentication success or authentication failure.
In this case, for the non-multi-factor scheme, after receiving the biometric template to be authenticated or the quantized value to be authenticated from the terminal, the server executes S750 (not executed when the terminal sent the quantized value to be authenticated through the secure channel), S760 and S770. For the multi-factor scheme, after receiving the biometric template to be authenticated or the quantized value to be authenticated from the terminal, the server executes S750 (not executed when the terminal sent the quantized value to be authenticated through the secure channel), S760, S780 and S790.
To ensure the security of data transmission, the secure channel between the terminal and the server may be established between the TEE of the terminal device and the TEE of the server. In this implementation, because the server usually has more computing power than the terminal device, determining the identity authentication result on the server from the biometric template to be authenticated or the quantized value to be authenticated and the auxiliary data of the base library is usually faster than doing so on the terminal device, but the biometric template to be authenticated or the quantized value to be authenticated has to be transmitted.
In a specific implementation, the authentication method 700 further includes: obtaining the user identifier corresponding to the matching hash value. When the identity authentication result is determined by verifying the key to be authenticated, the matching hash value is the hash value to be authenticated that corresponds to the key to be authenticated whose verification passed. When the identity authentication result is determined by verifying the multi-factor key to be authenticated, the matching hash value is the multi-factor hash value to be authenticated that corresponds to the multi-factor key to be authenticated whose verification passed. Specifically, the terminal may determine the matching hash value and determine the user identifier from it; or the server may determine the matching hash value and determine the user identifier from it, with the terminal receiving the user identifier; or the terminal may determine the matching hash value, the server determine the user identifier from it, and the terminal receive the user identifier. As described earlier, the second data table stores the user identifier of the object to be registered in association with the first hash value or second hash value corresponding to that object, so the user identifier can be determined from the matching hash value by querying the second data table.
Steps S750 and S760, executed by the terminal or by the server, are described in detail below.
S750: perform quantization according to the biometric template to be authenticated to obtain the quantized value to be authenticated.
Exemplarily, the biometric template to be authenticated of S720 includes biometric representations corresponding to a plurality of second feature points; correspondingly, S750 is analogous to the step in S430 of performing quantization according to the first biometric template to obtain the quantized value. It can be understood that if the biometric representation in the registration stage contains precise descriptors, the authentication stage must determine the precise descriptors to be authenticated in the same way. If step S430 uses precise descriptors, step S750 must use the precise descriptors to be authenticated in the same way. Exemplarily, if step S430 uses precise descriptors in S1091 and/or S1092, step S750 uses the precise descriptors to be authenticated in S7501 and/or S7502.
Step S7501, performing quantization according to the biometric template to be authenticated, includes: quantizing the biometric data and precise descriptors included in the biometric template to be authenticated in the same way as in S1091.
Step S7502, obtaining the quantized value to be authenticated, includes: applying to the quantization result of step S7501 the same third transformation processing as in step S1092 to obtain the quantized value to be authenticated. The third transformation processing is determined according to the precise descriptor to be authenticated, and is a reversible or irreversible transformation.
Exemplarily, the quantized value X = φ_d(T), where T is the quantization result obtained in step S7501 and φ_d is the third transformation processing determined according to the precise descriptor to be authenticated.
For example, the quantization result obtained in S1091 is T(t1, t2, …, tn), and the precise descriptors of the feature points corresponding to the quantization results are D(d1, d2, …, dn); S1092 sets x1 = φ_d1(t1), and so on, which determines X(x1, x2, …, xn). Correspondingly, the quantization result obtained in S7501 is T'(t1', t2', …, tn'), and the precise descriptors to be authenticated of the corresponding feature points are D'(d1', d2', …, dn'); S7502 sets x1' = φ_d1'(t1'), and so on, which determines X'(x1', x2', …, xn').
Thus, when the image to be processed and the image to be authenticated contain the same biometric site of the same object, X and X' are identical or sufficiently similar.
S760: according to the quantized value to be authenticated and the auxiliary data of the base library, perform the decoding operation corresponding to the encoding operation, and determine at least one key to be authenticated corresponding to at least one first auxiliary data contained in the auxiliary data of the base library.
Exemplarily, the decoding operation corresponding to the encoding operation includes an error correction code decoding operation. The error correction code decoding operation must correspond to the error correction code encoding operation used during encoding, and may be BCH decoding or RS decoding. Because an error correction code codeword is used in step S430, the codeword determined in step S430 can be recovered by error correction code decoding from the first auxiliary data and a quantized value to be authenticated that is sufficiently close to the quantized value of the first biometric template, and the key corresponding to the first auxiliary data is then obtained by decoding that codeword. Alternatively, after the codeword determined in step S430 has been recovered in the same way, the quantized value corresponding to the first biometric template is determined from the codeword, and the key corresponding to the first auxiliary data is then obtained from that quantized value.
It can be understood that, for a given first auxiliary data in the auxiliary data of the base library, when it is the first auxiliary data contained in the registration information determined for the object to be authenticated in the registration stage, the key to be authenticated determined from the quantized value to be authenticated and that first auxiliary data equals the key corresponding to the first auxiliary data. When it is not the first auxiliary data contained in the registration information determined for the object to be authenticated in the registration stage, either no key to be authenticated can be determined from the quantized value to be authenticated and that first auxiliary data, or the key determined is inconsistent with the key corresponding to the first auxiliary data. Here, "no key to be authenticated can be determined" means that the key to be authenticated cannot be determined in polynomial time.
The following examples illustrate how to perform the decoding operation corresponding to the encoding operation.
When the second implementation is implemented as 2.1, the first auxiliary data is a point set, and step S760 may be implemented as follows:
S7601: take one first auxiliary data among the at least one first auxiliary data as the current first auxiliary data, and filter the points in the current first auxiliary data according to the quantized value to be authenticated to obtain the query point set corresponding to the current first auxiliary data. The query point set includes a plurality of query points; the first coordinate component of each query point is determined according to the quantized value to be authenticated.
Exemplarily, each first auxiliary data among the at least one first auxiliary data may be taken in turn as the current first auxiliary data; alternatively, the at least one first auxiliary data may be screened, and each first auxiliary data remaining after screening is taken in turn as the current first auxiliary data.
Exemplarily, the first coordinate component of a query point is a quantized value to be authenticated. For example, if the quantized value to be authenticated is X'(x1', x2', …, xn'), the first coordinate components of the query points in the query point set are x1', x2', …, xn' respectively.
Exemplarily, if the points in the first auxiliary point set were obtained in the registration stage by applying the fourth transformation processing to the first points, the first coordinate component of a query point is obtained by applying to the quantized value to be authenticated the inverse of the first transformation component of the fourth transformation processing. This can be written as (Φ_d^x)^-1(X'), where Φ_d^x denotes the first transformation component of the fourth transformation processing, used to obtain the first coordinate component of the first auxiliary points. It can be understood that the precise descriptor to be authenticated is used in this inverse transformation.
S7602: according to the query point set, use a decoding algorithm to recover the key to be authenticated corresponding to the current auxiliary data.
Exemplarily, if the points in the first auxiliary point set were obtained directly from the first points in the registration stage, the key to be authenticated corresponding to the current auxiliary data is recovered from the query point set using the decoding algorithm.
Exemplarily, if the points in the first auxiliary point set were obtained in the registration stage by applying the fourth transformation processing to the first points, a query curve point set is obtained from the query point set (by applying to the second coordinate component of each query point the inverse of the second transformation component of the fourth transformation processing, where the inverse transformation uses the precise descriptor to be authenticated), and the key to be authenticated corresponding to the current auxiliary data is recovered from the query curve point set using the decoding algorithm. The decoding algorithm is, for example, an algorithm that recovers a polynomial using Lagrange interpolation.
It can be understood that if enough points in the query point set or the query curve point set coincide with points in the first point set, the key to be authenticated corresponding to the current auxiliary data is consistent with the key corresponding to the first auxiliary data.
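The following added example, which is not part of the patent text, walks through S7601, S7602 and the hash check of S770 for point-set auxiliary data, including the lookup of the user identifier by matching hash value. It is a simplified sketch: the prime field, SHA-256, the chaff-point registration step and the brute-force subset search (standing in for RS decoding) are assumptions, and all sample values are constructed.

```python
import hashlib
import itertools
import random

P = 2**31 - 1  # prime field modulus (assumption: the page does not fix a field)
K = 4          # number of key coefficients; K matching points are needed to decode

def key_hash(coeffs):
    """Hash of a candidate key, i.e. of the polynomial coefficients (SHA-256 assumed)."""
    return hashlib.sha256(b"".join(c.to_bytes(4, "big") for c in coeffs)).hexdigest()

def evaluate(coeffs, x):
    """Horner evaluation mod P; coefficients are stored low order first."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def interpolate(points):
    """Lagrange interpolation mod P: coefficients of the polynomial through `points`."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if i == j:
                continue
            # basis(x) *= (x - xj)
            basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * c) % P
    return coeffs

def enroll(quantized, key, n_chaff, rng):
    """Hypothetical registration: points on the key polynomial hidden among chaff points."""
    genuine = [(x, evaluate(key, x)) for x in quantized]
    used, chaff = set(quantized), []
    while len(chaff) < n_chaff:
        x, y = rng.randrange(1, 10000), rng.randrange(P)
        if x not in used and y != evaluate(key, x):  # chaff must lie off the curve
            used.add(x)
            chaff.append((x, y))
    helper = genuine + chaff
    rng.shuffle(helper)
    return helper, key_hash(key)  # (first auxiliary data, first hash value)

def decode(helper, query_values, hash_to_user):
    """Decode one 'current first auxiliary data'; returns (key, hash) or None."""
    wanted = set(query_values)
    query_points = [pt for pt in helper if pt[0] in wanted]   # S7601: filter by x
    for subset in itertools.combinations(query_points, K):    # S7602: interpolate
        candidate = interpolate(subset)
        digest = key_hash(candidate)
        if digest in hash_to_user:                             # S770: hash check
            return candidate, digest
    return None

def authenticate(base_library, query_values, hash_to_user):
    """Try each first auxiliary data in turn; map the matching hash to a user id."""
    for helper in base_library:
        hit = decode(helper, query_values, hash_to_user)
        if hit is not None:
            return hash_to_user[hit[1]]
    return None

# Constructed sample data: quantized values and keys for two registered users.
ALICE_X = [1021, 2040, 3333, 4711, 5150, 6006, 7777, 8080]
BOB_X = [1110, 2222, 3030, 4444, 5005, 6161, 7272, 8383]
ALICE_KEY = [123456789, 987654321, 192837465, 564738291]
BOB_KEY = [111111111, 222222222, 333333333, 444444444]

def build_demo():
    rng = random.Random(7)  # fixed seed for a reproducible sample; use a CSPRNG in practice
    base_library, hash_to_user = [], {}
    for user, xs, key in (("alice", ALICE_X, ALICE_KEY), ("bob", BOB_X, BOB_KEY)):
        helper, digest = enroll(xs, key, n_chaff=40, rng=rng)
        base_library.append(helper)
        hash_to_user[digest] = user  # stands in for the second data table
    return base_library, hash_to_user

if __name__ == "__main__":
    library, table = build_demo()
    noisy_probe = ALICE_X[:6] + [9001, 9002]  # 6 of 8 values survive re-capture
    print(authenticate(library, noisy_probe, table))
```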
When the second implementation is implemented as 2.2, the first auxiliary data is the parameters of the first algebraic curve, and step S760 may be implemented as follows:
S7603: take one first auxiliary data among the at least one first auxiliary data as the current first auxiliary data, and determine the query points corresponding to the current first auxiliary data according to the quantized value to be authenticated, obtaining the query point set corresponding to the current first auxiliary data. The query point set includes a plurality of query points; the first coordinate component of each query point is determined according to the quantized value to be authenticated, and the second coordinate component and first coordinate component of each query point satisfy the current mapping relationship corresponding to the current first auxiliary data.
Exemplarily, each first auxiliary data among the at least one first auxiliary data may be taken in turn as the current first auxiliary data; alternatively, the at least one first auxiliary data may be screened, and each first auxiliary data remaining after screening is taken in turn as the current first auxiliary data.
Exemplarily, the first coordinate component of a query point is a quantized value to be authenticated. For example, if the quantized value to be authenticated is X'(x1', x2', …, xn'), the first coordinate components of the query points in the query point set are x1', x2', …, xn' respectively. The current first auxiliary data records the parameter values of the first algebraic curve, so the second coordinate component of a query point can be determined from its first coordinate component.
Exemplarily, if the first auxiliary data was obtained in the registration stage according to the precise descriptors, the first coordinate component of a query point is obtained by applying the inverse of Φ_d^x to the quantized value to be authenticated. This can be written as (Φ_d^x)^-1(X'), where Φ_d^x is the Φ_d^x used when determining the first mapping relationship in implementation 2.2. It can be understood that the precise descriptor to be authenticated is used in this inverse transformation.
S7604: according to the query point set, use a decoding algorithm to recover the key to be authenticated corresponding to the current auxiliary data.
Refer to the description of step S7602.
The decoding algorithm is, for example, an algorithm that recovers a polynomial using Lagrange interpolation.
It can be understood that if enough points in the query point set or the query curve point set coincide with points in the second point set, the key to be authenticated corresponding to the current auxiliary data is consistent with the key corresponding to the first auxiliary data.
In implementations 2.1 and 2.2, the error correction code codeword is first determined from the auxiliary data by error correction code decoding (RS decoding), and the key to be authenticated is then determined from the codeword using Lagrange interpolation.
When the second implementation is implemented as 2.3, step S760 may be implemented as follows:
S7605: take one first auxiliary data among the at least one first auxiliary data as the current first auxiliary data, determine the inverse of the permutation operation according to the biometric vector to be authenticated that corresponds to the quantized value to be authenticated, and apply the inverse of the permutation operation to the current first auxiliary data or to the preprocessed current first auxiliary data to determine the error correction code codeword corresponding to the current first auxiliary data.
It can be understood that the permutation operation of step S7605 has the same form as the permutation operation of step S1205. The permutation operation of step S1205 is determined according to the biometric vector corresponding to the quantized value, whereas that of step S7605 is determined according to the biometric vector to be authenticated corresponding to the quantized value to be authenticated. It can be understood that, in actual execution, there need not be a step that determines the permutation operation of step S7605 from the biometric vector to be authenticated; the inverse of the permutation operation can be determined directly.
If step S1205 includes S1205b, the current first auxiliary data is preprocessed. The preprocessing includes applying to the current first auxiliary data the inverse of the fifth transformation processing, Φ_d^-1(H) or Φ_d^-1(X', H). It can be understood that the precise descriptor to be authenticated is used in this inverse operation.
S7606: obtain the key to be authenticated corresponding to the current first auxiliary data from the error correction code codeword corresponding to the current first auxiliary data.
When the third implementation is implemented as 3.1, step S760 may be implemented as follows:
S7607: same as S7605. It can be understood that the permutation operation of step S7607 has the same form as the permutation operation of step S1401. The permutation operation of step S1401 is determined according to the biometric vector corresponding to the quantized value, whereas that of step S7607 is determined according to the biometric vector to be authenticated corresponding to the quantized value to be authenticated. It can be understood that, in actual execution, there need not be a step that determines the permutation operation of step S7607 from the biometric vector to be authenticated; the inverse of the permutation operation can be determined directly.
Exemplarily, when the sixth transformation processing was performed in S1401, the current first auxiliary data must be preprocessed. The preprocessing includes applying to the current first auxiliary data the inverse of the sixth transformation processing, Φ_d^-1(H) or Φ_d^-1(X', H). It can be understood that the precise descriptor to be authenticated is used in this inverse operation.
S7608: from the error correction code codeword determined in S7607, recover the biometric vector corresponding to the quantized value used for the current first auxiliary data.
S7609: determine the key to be authenticated corresponding to the current first auxiliary data from the quantized value.
Exemplarily, the key to be authenticated corresponding to the current first auxiliary data is generated from the quantized value and the random quantity parsed from the current first auxiliary data.
When the third implementation is implemented as 3.2, step S760 may be implemented as follows:
S7610: take one first auxiliary data among the at least one first auxiliary data as the current first auxiliary data, and determine the error correction code codeword corresponding to the current first auxiliary data from the current first auxiliary data and the biometric vector to be authenticated.
Exemplarily, each first auxiliary data among the at least one first auxiliary data may be taken in turn as the current first auxiliary data; alternatively, the at least one first auxiliary data may be screened, and each first auxiliary data remaining after screening is taken in turn as the current first auxiliary data.
Exemplarily, when the sixth transformation processing was performed in S1403, the current first auxiliary data must be preprocessed. The preprocessing includes applying to the current first auxiliary data the inverse of the sixth transformation processing, Φ_d^-1(H) or Φ_d^-1(X', H). It can be understood that the precise descriptor to be authenticated is used in this inverse operation.
S7611: from the error correction code codeword determined in S7610, recover the biometric vector corresponding to the quantized value used for the current first auxiliary data.
S7612: determine the key to be authenticated corresponding to the current first auxiliary data from the quantized value.
Exemplarily, the key to be authenticated corresponding to the current first auxiliary data is generated from the quantized value and the random quantity parsed from the current first auxiliary data.
S730 corresponding to the first implementation of step S430 is described below. When step S430 adopts the first implementation, step S730 includes:
S820, acquire an authentication key;
S830, perform an encoding operation on the biometric template to be authenticated and the authentication key to obtain the auxiliary data to be authenticated;
Exemplarily, the authentication key is input by the object to be authenticated during the authentication phase, or is determined from that input. For example, the authentication key is generated by applying one or more of format conversion, digit padding, and addition of check information to the input of the object to be authenticated. It can be understood that the authentication key is obtained through the same processing as the key corresponding to the first auxiliary data in the first implementation of the registration phase.
In this implementation, the encoding operation is a feature transformation of the same form as in step S100, except that here the feature transformation is determined by the authentication key.
In this implementation, $F_k(X) = H$ in the registration phase and $F_{k'}(X') = H'$ in the authentication phase, where $F$ is the feature transformation function, $k$ is the key corresponding to the first auxiliary data, $k'$ is the authentication key acquired in the authentication phase, $X$ and $X'$ are the biometric templates of the registration phase and the authentication phase respectively, and $H$ and $H'$ are the auxiliary data of the registration phase and the authentication phase respectively; the auxiliary data of the authentication phase is the auxiliary data to be authenticated.
S840, determine the identity authentication result of the object to be authenticated from the result of comparing the auxiliary data to be authenticated with the base library auxiliary data.
It can be understood that if the auxiliary data to be authenticated and the base library auxiliary data are held by the same party, the comparison can be performed by that party. Otherwise, the auxiliary data to be authenticated or the base library auxiliary data must be sent so that both are held by the same party, which then performs the comparison. For example, if the auxiliary data to be authenticated is generated by the terminal and the base library auxiliary data is located on the server, the terminal can send the auxiliary data to be authenticated to the server for comparison by the server, or the server can send the base library auxiliary data to the terminal for comparison by the terminal.
If $X$ and $X'$ are sufficiently close and $k' = k$, then $H$ and $H'$ are sufficiently close. The identity authentication result of the object to be authenticated can therefore be determined from the result of comparing the auxiliary data to be authenticated with the base library auxiliary data.
In a specific implementation, S700 further includes:
Determining a second index feature from the second biometric region; the second index feature and the first index feature are extracted by the same feature extraction method; the base library auxiliary data is the first auxiliary data corresponding to the first index data that satisfies the distance condition with the second index feature.
If the first index feature was extracted in the registration phase, the second index feature can be extracted in the authentication phase and used to select, as the base library auxiliary data, those first auxiliary data whose corresponding first index feature satisfies the distance condition with the second index feature. The distance condition is, for example, that the distance is less than a distance threshold and/or that the distance is among the N smallest.
It can be understood that the step of screening the base library auxiliary data can be performed on the terminal or on the server. If it is performed on the server, the terminal may send the second index feature of the object to be authenticated to the server, which performs the screening.
In one example, the distance condition corresponding to a first index feature is determined from the noise information in the registration information that corresponds to that first index feature.
As described above, the first index feature in the registration information may be a first index feature to which noise has been added; in that case the distance condition may be determined according to the degree of noise added.
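The following added example (not code from the patent) shows one way a per-record distance condition can be derived from stored noise information and combined with a top-N cut. Gaussian noise, Euclidean distance, the `BASE_THRESHOLD` and `SLACK` constants, and all function and field names are assumptions made for illustration; the sample vectors are constructed.

```python
import math
import random

BASE_THRESHOLD = 1.0   # assumed distance threshold for index features stored without noise
SLACK = 1.5            # assumed safety margin on the expected noisy distance


def add_noise(index_feature, sigma, rng):
    """Registration side: perturb the index feature with zero-mean Gaussian noise."""
    return [x + rng.gauss(0.0, sigma) for x in index_feature]


def distance_threshold(sigma, dim):
    """Per-record distance condition derived from the stored noise information.

    For independent zero-mean noise, E||a + n - b||^2 = ||a - b||^2 + dim * sigma^2,
    so the acceptance radius grows with the noise strength recorded for that entry.
    """
    return SLACK * math.sqrt(BASE_THRESHOLD ** 2 + dim * sigma ** 2)


def screen(second_index, records, top_n=None):
    """Authentication side: ids of the auxiliary data whose first index feature
    satisfies its own distance condition, closest first, optionally cut to top N."""
    hits = []
    for rec in records:
        d = math.dist(second_index, rec["index"])
        if d < distance_threshold(rec["sigma"], len(second_index)):
            hits.append((d, rec["aux_id"]))
    hits.sort()
    return [aux_id for _, aux_id in (hits[:top_n] if top_n else hits)]


def demo():
    rng = random.Random(11)   # constructed sample data, not real biometric features
    dim = 64
    people = {name: [rng.uniform(-3, 3) for _ in range(dim)] for name in ("a", "b", "c")}
    sigmas = {"a": 0.0, "b": 0.5, "c": 0.5}   # noise strength chosen at each registration
    records = [{"aux_id": f"aux-{n}", "sigma": sigmas[n],
                "index": add_noise(people[n], sigmas[n], rng)} for n in people]
    probe_b = [x + rng.gauss(0.0, 0.05) for x in people["b"]]   # fresh capture of "b"
    # A single fixed threshold that ignores the noise information misses the noisy entry.
    fixed = [r["aux_id"] for r in records
             if math.dist(probe_b, r["index"]) < BASE_THRESHOLD]
    return screen(probe_b, records, top_n=2), fixed


if __name__ == "__main__":
    print(demo())
```

A wider radius for noisier entries also returns more candidates per query, so the noise strength trades index privacy against the number of decoding attempts in the later steps.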
Embodiment seven
Based on the same concept, an embodiment of the present disclosure also provides an identity authentication apparatus corresponding to the identity authentication method. Because the apparatus solves the problem on a principle similar to that of the foregoing identity authentication method embodiments, its implementation may refer to the description of the method embodiments above; repeated details are omitted.
An embodiment of the present disclosure provides the functional modules of an identity authentication apparatus. Each module of the identity authentication apparatus in this embodiment is used to execute the steps of the method embodiments above. The identity authentication apparatus includes a second acquisition module, a third determination module, and a third acquisition module, wherein:
The second acquisition module is configured to acquire an image to be authenticated of the object to be authenticated; the image to be authenticated includes a second biometric region, and the second biometric region includes a plurality of second feature points;
The third determination module is configured to determine, from the second biometric region, the biometric template to be authenticated of the second biometric region;
The third acquisition module is configured to acquire the identity authentication result of the object to be authenticated; the identity authentication result is determined from the biometric template to be authenticated and the base library auxiliary data.
The base library auxiliary data includes at least one first auxiliary data; the first auxiliary data is included in the registration information, and the registration information is determined by the identity registration method provided in Embodiment 4.
Embodiment eight
An embodiment of the present disclosure also provides an identity registration method. The method in this embodiment is similar to the identity registration method provided in Embodiment 4; the difference is that the method of Embodiment 4 is described from the terminal device side, whereas this embodiment is described from the server side. The specific flow of the identity registration method of this embodiment is described in detail below.
Receive the registration information sent by the terminal device. This registration information may be determined by the identity registration method provided in Embodiment 4. Store the registration information in the database.
The registration information includes the first auxiliary data. It may also include a hash value, a hash parameter, a check value, a first index feature, the noise information added to the first index feature, restriction factors, a user identifier, and so on. The registration information may include a first data table and a second data table; see the description of Embodiment 4 for details, which are not repeated here.
In a specific implementation, this embodiment further includes the following steps:
S850, determine simulated auxiliary data and store the simulated auxiliary data in the database; or,
S860, determine simulated auxiliary data, determine a simulated index feature, and store the simulated index feature and the simulated auxiliary data in the database in association with each other.
It can be understood that the server may also add data records used for obfuscation to the database, so that an attacker cannot tell which entries are the index features and auxiliary data of real users and which are obfuscation features and auxiliary data, and therefore cannot determine whether a given user is in the system; this further improves data security. If the registration information includes the first auxiliary data, S850 is executed; if the registration information includes the first index feature and the first auxiliary data, S860 is executed.
The simulated auxiliary data is generated in one of the following ways:
Mode a, generate a simulated image that includes a simulated biometric region, determine a simulated biometric template of the simulated feature region from the simulated biometric region, and determine the simulated auxiliary data from the simulated biometric template;
Mode b, generate a simulated biometric template, and determine the simulated auxiliary data from the simulated biometric template;
Mode c, generate the simulated auxiliary data directly.
In modes a and b, a generative adversarial network (GAN) can be used, for example, to generate the simulated image or the simulated biometric template. Usable generative adversarial networks include GAN, styleGAN, styleGAN2, WGAN (Wasserstein GAN), WGAN-GP (Wasserstein GAN-gradient penalty), and the Auxiliary Classifier Generative Adversarial Network (AC-GAN).
To save computing power, mode c can be used; for example, the simulated auxiliary data can be generated randomly. Simulated auxiliary data is used in the decoding or the auxiliary-data comparison of the authentication phase, and even if it is generated randomly it still serves its purpose as an obfuscation record.
The simulated index feature can be generated by mode d or mode e.
Mode d, generate the simulated index feature directly. For example, a generative adversarial network (GAN) can be used to generate the simulated index feature.
Mode e, perform feature extraction on the simulated biometric region of the simulated image to obtain the simulated index feature.
Embodiment nine
Based on the same concept, an embodiment of the present disclosure also provides an identity registration apparatus corresponding to the identity registration method. Because the apparatus solves the problem on a principle similar to that of the foregoing identity registration method embodiments, its implementation may refer to the description of the method embodiments above; repeated details are omitted.
An embodiment of the present disclosure provides the functional modules of an identity registration apparatus. Each module of the identity registration apparatus in this embodiment is used to execute the steps of the method embodiments above. The identity registration apparatus includes a receiving module and a second storage module, wherein:
The receiving module is configured to receive the registration information sent by the terminal device, the registration information being determined by the identity registration method described above; the second storage module is configured to store the registration information in the database, the registration information including the first auxiliary data.
Embodiment ten
An embodiment of the present disclosure also provides an identity authentication method. The identity authentication method of this embodiment is similar to that of Embodiment 6; the difference is that the method of Embodiment 6 is described from the terminal device side, whereas the method of this embodiment is described from the server side. The specific flow of the identity authentication method of this embodiment is described in detail below.
Step 910, receive an authentication request sent by the terminal device.
Step 920, determine the base library auxiliary data from the registration information according to the authentication request.
The base library auxiliary data includes at least one first auxiliary data.
If the registration information is stored on the server, the step of determining the base library auxiliary data from the registration information is usually performed by the server. In the 1:N case, the base library auxiliary data may be all of the first auxiliary data in the stored registration information, or the first auxiliary data that remains after preliminary screening. For example, the base library auxiliary data is screened out of the full set of first auxiliary data according to restriction factors such as the user identifier, device identifier, registration time, authentication time, authentication location, low-discrimination features extracted from the image to be authenticated, low-discrimination features extracted from the biometric template to be authenticated, and low-discrimination features extracted from the quantized value to be authenticated. In the 1:1 case, the base library auxiliary data may be the first auxiliary data uniquely determined by the user identifier, device identifier, and the like. It can be understood that the information used to determine the base library auxiliary data from the registration information can be sent by the terminal device to the server, either as part of the authentication request or separately from it.
The registration information here is the registration information stored in the database by the identity registration method described above.
The identity authentication method of this embodiment can authenticate the biometric template to be authenticated on the basis of the determined base library auxiliary data. Specifically, the authentication can be performed on the server, or the base library auxiliary data can be sent to the terminal device and the authentication performed by the terminal device, or by the terminal device and the server together.
For the second implementation (steps S109, S110-S120) or the third implementation (steps S129, S130-S150) of step S430, the steps of quantization, decoding, key verification, and determination of the user identifier can be executed on the terminal or on the server. If the terminal sends a biometric template rather than a quantized value, the server performs the quantization. If the base library auxiliary data is stored on the terminal or is delivered to the terminal by the server, the terminal performs the decoding; otherwise the server does. If the hash value, hash parameter, check value, and other data needed to verify the key are located on the server, the server performs the verification; otherwise the terminal performs the corresponding verification steps. If the correspondence between user identifiers and hash values is stored on the server, the server determines the user identifier. For the specific steps, see the description of Embodiment 6; they are not repeated here.
For the first implementation of step S430, the steps of determining the auxiliary data to be authenticated and comparing it with the base library auxiliary data can be executed by the terminal or by the server. Normally, for security reasons, the auxiliary data to be authenticated is determined by the terminal. If it is determined by the server, the terminal must send the biometric template to be authenticated and the authentication key to the server, and the server performs the encoding operation to obtain the auxiliary data to be authenticated. For the specific steps, see the description of Embodiment 6; they are not repeated here.
The methods of the embodiments of the present disclosure are described below using several specific identity registration methods and identity authentication methods as examples.
See FIG. 4, which shows one interaction sequence diagram of the registration method provided by an embodiment of the present disclosure. An embodiment of the present disclosure provides a specific registration method, including:
S400, the terminal device obtains an image to be processed of the object to be registered; the image to be processed includes a first biometric region, and the first biometric region includes a plurality of first feature points;
S401, the terminal device determines, from the first biometric region, a first biometric template of the first biometric region; the first biometric template includes the biometric representations corresponding to the plurality of first feature points;
S402, the terminal device converts the format of the user input and adds redundant bits as check information, generating the key corresponding to the first auxiliary data;
S403, the terminal device performs an encoding operation on the first biometric template and the key corresponding to the first auxiliary data to obtain the first auxiliary data, where the encoding operation includes an irreversible transformation;
S404, the terminal device determines a first hash parameter and performs a hash operation on the key corresponding to the first auxiliary data and the first hash parameter to obtain a first hash value;
S405, the terminal device obtains at least one of the performance information of the terminal device, the network information between the terminal device and the server, and the expected security level;
S406, the terminal device determines the noise information according to at least one of the performance information of the terminal device, the network information between the terminal device and the server, and the expected security level;
S407, the terminal device performs feature extraction on the first biometric region to obtain a first index feature, and adds to the first index feature noise data whose noise strength is given in the noise information, obtaining a noise-added first index feature; the discriminative power of the first index feature is lower than that of the first biometric template;
S408, the terminal device sends the noise-added first index feature, the first auxiliary data, the first hash parameter, and the first hash value to the server;
S409, the terminal device sends the noise information and the user identifier specified by the user to the server;
S410, the server receives the noise-added first index feature, the first auxiliary data, the first hash parameter, the first hash value, the noise information, and the user identifier;
S411, the server stores the noise-added first index feature, the first auxiliary data, the first hash parameter, and the noise information in association with one another;
S412, the server stores the user identifier and the first hash value in association with each other.
See FIG. 5, which shows the interaction sequence diagram of the first specific authentication method provided by an embodiment of the present disclosure. An embodiment of the present disclosure provides a specific identity authentication method, including:
S500, the terminal device acquires an image to be authenticated of the object to be authenticated; the image to be authenticated includes a second biometric region, and the second biometric region includes a plurality of second feature points;
S501, the terminal device determines a second index feature from the second biometric region; the second index feature and the first index feature are extracted by the same feature extraction method;
S502, the terminal device determines, from the second biometric region, the biometric template to be authenticated of the second biometric region;
S503, the terminal device sends the second index feature to the server;
S504, the terminal device sends the biometric template to be authenticated to the server over a secure channel;
S505, the server uses the second index feature to query the database for a plurality of first index features whose distance from the second index feature satisfies the distance condition;
S506, the server queries the database for the plurality of first auxiliary data in one-to-one correspondence with the plurality of first index features, obtaining the base library auxiliary data;
S507, the server performs a decoding operation on the biometric template to be authenticated and the base library auxiliary data to obtain at least one key to be authenticated;
S508, the server performs preliminary verification on the at least one key to be authenticated, obtaining the keys to be authenticated that pass preliminary verification;
S509, the server determines the hash value to be authenticated corresponding to each key to be authenticated that passed preliminary verification, using the first hash parameter corresponding to the first auxiliary data that corresponds to that key;
S510, the server compares each hash value to be authenticated with the base library first hash values and determines the base library first hash value that matches it; if, for a given hash value to be authenticated, a matching base library first hash value exists, the key to be authenticated corresponding to that hash value passes verification;
S510, the server determines, from the matching hash value, the user identifier corresponding to it; the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated that passed verification;
S511, the server sends the identity authentication result to the terminal device over a secure channel; the identity authentication result includes authentication success, the key to be authenticated that passed verification, and the user identifier;
S512, the terminal device receives the identity authentication result.
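The registration steps S402-S404 and S411-S412 and the server-side steps S507-S510 can be traced in the following added example, which is not code from the patent. It swaps in a plain fuzzy-commitment construction (XOR binding over a repetition code) for the patent's encoding operation, and assumes CRC32 as the check information and salted SHA-256 with a random salt as the hash parameter and hash operation; all names and sample values are constructed, and two decoy records in the style of S850 mode c are mixed into the base library.

```python
import hashlib
import random
import secrets
import zlib

REP = 5          # repetition factor of the toy error-correcting code (assumption)
KEY_BYTES = 8    # key body derived from the user input (assumption)
CHECK_BYTES = 4  # CRC32 check information appended to the key (assumption)
N_BITS = (KEY_BYTES + CHECK_BYTES) * 8 * REP   # length of the quantized biometric vector


def to_bits(data):
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def make_key(user_input):
    """S402: convert the user input and append redundant check information."""
    body = hashlib.sha256(user_input.encode()).digest()[:KEY_BYTES]
    return body + zlib.crc32(body).to_bytes(CHECK_BYTES, "big")


def ecc_encode(key):
    return [bit for bit in to_bits(key) for _ in range(REP)]


def ecc_decode(codeword):
    """Majority vote per block: corrects up to REP // 2 flipped bits per key bit."""
    votes = [sum(codeword[i:i + REP]) for i in range(0, len(codeword), REP)]
    return from_bits([int(v > REP // 2) for v in votes])


def enroll(bio_bits, user_input):
    """S403-S404 on the terminal: (first auxiliary data, hash parameter, hash value)."""
    key = make_key(user_input)
    helper = [c ^ b for c, b in zip(ecc_encode(key), bio_bits)]
    salt = secrets.token_bytes(16)   # hash parameter modelled as a random salt (assumption)
    return helper, salt, hashlib.sha256(salt + key).digest()


def decoy_record():
    """S850, mode c: randomly generated auxiliary data with its own hash parameter."""
    return [secrets.randbelow(2) for _ in range(N_BITS)], secrets.token_bytes(16)


def authenticate(probe_bits, base_library, users):
    """S507-S510 on the server: returns (user identifier, key) or None."""
    for helper, salt in base_library:
        key = ecc_decode([h ^ p for h, p in zip(helper, probe_bits)])   # S507 decode
        body, check = key[:KEY_BYTES], key[KEY_BYTES:]
        if zlib.crc32(body).to_bytes(CHECK_BYTES, "big") != check:      # S508 preliminary check
            continue
        digest = hashlib.sha256(salt + key).digest()                    # S509 hash to verify
        if digest in users:                                             # S510 match and look up
            return users[digest], key
    return None


def flip(bits, positions):
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def demo():
    rng = random.Random(7)   # constructed sample vectors, not real biometric data
    alice = [rng.randint(0, 1) for _ in range(N_BITS)]
    stranger = [rng.randint(0, 1) for _ in range(N_BITS)]
    helper, salt, digest = enroll(alice, "alice-pin-2468")
    base_library = [decoy_record(), (helper, salt), decoy_record()]   # S411 table plus decoys
    users = {digest: "user-001"}                                      # S412 table
    # 70 flipped bits, never more than two inside one 5-bit block: still decodable.
    genuine = authenticate(flip(alice, [0, 1] + list(range(7, N_BITS, 7))), base_library, users)
    # Three flips inside one block corrupt one key bit, which the check information catches.
    too_noisy = authenticate(flip(alice, [0, 1, 2]), base_library, users)
    impostor = authenticate(stranger, base_library, users)
    return genuine, too_noisy, impostor


if __name__ == "__main__":
    print(demo())
```

Decoy records decode to random bytes, so they are discarded at the check-information step and never reach the hash comparison except by chance; the hash table of S412 holds no entry for them either way.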
See FIG. 6, which shows the interaction sequence diagram of another specific identity authentication method provided by an embodiment of the present disclosure. An embodiment of the present disclosure provides another specific identity authentication method, including:
S500-S503 and S505-S506, and further including:
S520, the server sends to the terminal device the base library auxiliary data and the first hash parameters corresponding to the first auxiliary data included in the base library auxiliary data;
S521, the terminal device performs a decoding operation on the biometric template to be authenticated and the received base library auxiliary data to obtain at least one key to be authenticated;
S522, the terminal device performs preliminary verification on the at least one key to be authenticated, obtaining the keys to be authenticated that pass preliminary verification;
S523, the terminal device determines the hash value to be authenticated corresponding to each key to be authenticated that passed preliminary verification, using the first hash parameter corresponding to the first auxiliary data that corresponds to that key;
S524, the terminal device sends the hash value to be authenticated to the server;
S525, the server compares each received hash value to be authenticated with the base library first hash values and determines the base library first hash value that matches it; if, for a given hash value to be authenticated, a matching base library first hash value exists, the key to be authenticated corresponding to that hash value passes verification;
S526, the server determines, from the matching hash value, the user identifier corresponding to it; the matching hash value is the hash value to be authenticated corresponding to the key to be authenticated that passed verification;
S527, the server sends the identity authentication result to the terminal device; the identity authentication result includes authentication success, the matching hash value, and the user identifier;
S528, the terminal device receives the identity authentication result and determines, from the matching hash value in the identity authentication result, the key to be authenticated that passed verification.
An embodiment of the present disclosure provides another specific identity authentication method, including:
S500-S503 and S505-S506, and further including:
S540. The server sends to the terminal device the bottom library auxiliary data and the second hash parameter corresponding to the first auxiliary data included in the bottom library auxiliary data;
S541. The terminal device performs a decoding operation on the biometric template to be authenticated and the received bottom library auxiliary data to obtain at least one key to be authenticated;
S542. The terminal device performs preliminary verification on the at least one key to be authenticated to obtain the key to be authenticated that passes preliminary verification;
S543. The terminal device generates a multi-factor key to be authenticated from the key to be authenticated that passed preliminary verification and a second transformation key; the second transformation key is determined according to the user password entered by the object to be authenticated;
S544. The terminal device performs preliminary verification on the multi-factor key to be authenticated to obtain the multi-factor key to be authenticated that passes preliminary verification;
S545. The terminal determines the multi-factor hash value to be authenticated corresponding to the key to be authenticated that passed preliminary verification, according to the second hash parameter corresponding to the first auxiliary data that corresponds to the multi-factor key to be authenticated that passed preliminary verification;
S546. The terminal device sends the multi-factor hash value to be authenticated to the server;
S547. The server compares each received multi-factor hash value to be authenticated with the bottom library second hash values and determines the bottom library second hash value that matches the multi-factor hash value to be authenticated; if, for a given multi-factor hash value to be authenticated, a matching bottom library second hash value exists, the multi-factor key to be authenticated corresponding to that multi-factor hash value passes verification;
S548. The server determines, from the matching hash value, the user identifier corresponding to that matching hash value; the matching hash value is the multi-factor hash value to be authenticated that corresponds to the multi-factor key to be authenticated that passed verification;
S549. The server sends an identity authentication result to the terminal device; the identity authentication result includes authentication success, the matching hash value, and the user identifier;
S550. The terminal device receives the identity authentication result and, according to the matching hash value in the identity authentication result, determines the multi-factor key to be authenticated that passed verification.
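The S540-S550 exchange above, as an added example that is not code from the patent: the terminal turns candidate keys and the password into multi-factor hashes, and the server matches them against its stored second hashes. PBKDF2, HMAC-SHA256, the per-record password salt, treating the second hash parameter as a salt, and all names are assumptions; the S541 decoding and the preliminary checks (S542, S544) are taken as given inputs.

```python
import hashlib
import hmac
import os

ROUNDS = 20_000  # assumed PBKDF2 iteration count, kept low so the demo runs quickly


def transform_key(password: str, pw_salt: bytes) -> bytes:
    """Second transformation key from the user password (assumed: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), pw_salt, ROUNDS)


def multi_factor_key(candidate_key: bytes, t_key: bytes) -> bytes:
    """S543: bind the biometric-derived key to the password-derived key (assumed: HMAC)."""
    return hmac.new(t_key, candidate_key, hashlib.sha256).digest()


def multi_factor_hash(mf_key: bytes, hash_param: bytes) -> bytes:
    """S545: hash under the record's second hash parameter (assumed to be a salt)."""
    return hashlib.pbkdf2_hmac("sha256", mf_key, hash_param, ROUNDS)


def make_record(user_id: str, helper: bytes, key: bytes, password: str) -> dict:
    """Terminal-side registration: only helper data, salts and a hash leave the device."""
    pw_salt, hash_param = os.urandom(16), os.urandom(16)
    mf_key = multi_factor_key(key, transform_key(password, pw_salt))
    return {"user_id": user_id, "helper": helper, "pw_salt": pw_salt,
            "hash_param": hash_param,
            "second_hash": multi_factor_hash(mf_key, hash_param)}


class Server:
    def __init__(self):
        self.records = []  # the "bottom library": holds no keys and no passwords

    def challenge(self) -> list:
        """S540: helper data plus hash parameters; stored hashes stay on the server."""
        return [{k: r[k] for k in ("helper", "pw_salt", "hash_param")}
                for r in self.records]

    def verify(self, submitted: list) -> dict:
        """S547-S549: compare each submitted hash with each stored second hash."""
        for h in submitted:
            for r in self.records:
                if hmac.compare_digest(h, r["second_hash"]):  # constant-time compare
                    return {"success": True, "matching_hash": h,
                            "user_id": r["user_id"]}
        return {"success": False}


def terminal_hashes(challenge: list, candidates: dict, password: str) -> dict:
    """S543-S545. `candidates` maps a record index to the key decoded from that
    record's helper data (the S541 decoding itself is outside this example)."""
    table = {}
    for idx, key in candidates.items():
        rec = challenge[idx]
        mf_key = multi_factor_key(key, transform_key(password, rec["pw_salt"]))
        table[multi_factor_hash(mf_key, rec["hash_param"])] = mf_key
    return table  # hash -> multi-factor key; the keys never leave the terminal


def authenticate(server: Server, candidates: dict, password: str):
    """Run S540-S550 end to end; returns (user_id, verified key) or None."""
    table = terminal_hashes(server.challenge(), candidates, password)
    result = server.verify(list(table))  # S546-S549
    if not result["success"]:
        return None
    # S550: the matching hash tells the terminal which local key was verified.
    return result["user_id"], table[result["matching_hash"]]


def build_demo_server():
    """Constructed sample data: two enrolled users with fixed demo keys."""
    keys = {"alice": hashlib.sha256(b"constructed key A").digest(),
            "bob": hashlib.sha256(b"constructed key B").digest()}
    server = Server()
    server.records.append(make_record("alice", b"helper-A", keys["alice"], "alice-pass"))
    server.records.append(make_record("bob", b"helper-B", keys["bob"], "bob-pass"))
    return server, keys


if __name__ == "__main__":
    srv, demo_keys = build_demo_server()
    noise = hashlib.sha256(b"wrong decode").digest()
    print(authenticate(srv, {0: demo_keys["alice"], 1: noise}, "alice-pass")[0])
    print(authenticate(srv, {0: demo_keys["alice"]}, "wrong-pass"))
```

A correct biometric key with the wrong password, or a correct password with a wrongly decoded key, produces a hash that matches nothing, so neither factor alone authenticates.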
An embodiment of the present disclosure further provides another specific identity authentication method, including:
S500-S503, S505-S506, and S520-S523, followed by:
S529. The server sends the bottom library first hash values to the terminal device;
S530. The terminal device compares each hash value to be authenticated with the received bottom library first hash values and determines the bottom library first hash value that matches the hash value to be authenticated; if, for a given hash value to be authenticated, a matching bottom library first hash value exists, the key to be authenticated corresponding to that hash value passes verification;
S531. The terminal device sends the matching hash value to the server; the matching hash value is the hash value to be authenticated that corresponds to the key to be authenticated that passed verification;
S532. The server determines, from the matching hash value, the user identifier corresponding to that matching hash value; the matching hash value is the hash value to be authenticated that corresponds to the key to be authenticated that passed verification;
S533. The server sends the user identifier corresponding to the matching hash value to the terminal device;
S534. The terminal device receives the user identifier corresponding to the matching hash value;
S535. The terminal device determines the identity authentication result, which includes: authentication success, the key to be authenticated that passed verification, and the user identifier.
Embodiment 11
Based on the same disclosed concept, the embodiments of the present disclosure also provide an identity authentication device corresponding to the identity authentication method. Because the device solves the problem on the same principle as the identity authentication method embodiments described above, the implementation of the device in this embodiment can refer to the description of the method embodiments, and repeated parts are not described again.
The modules of the identity authentication device in this embodiment are used to execute the steps of the method embodiments above. The identity authentication device includes a second receiving module and a bottom library auxiliary data determination module, wherein:
the second receiving module is configured to receive the authentication request sent by the terminal device;
the bottom library auxiliary data determination module is configured to determine the bottom library auxiliary data from the registration information according to the authentication request, wherein the bottom library auxiliary data includes at least one first auxiliary data.
Embodiment 12
An embodiment of the present disclosure also provides a key usage method. The specific flow of the method is described in detail below.
Step 1010: use the identity authentication method to authenticate the identity of the object to be authenticated.
If the identity authentication of the object to be authenticated succeeds, step 1020 is executed.
Optionally, the identity authentication method used in this embodiment may be similar to the identity authentication method provided in Embodiment 6 or Embodiment 10 above. For the details of step 1010, refer to the description in Embodiment 6 or Embodiment 10; they are not repeated here.
It can be understood that the identity authentication method of step S1010 needs to be one that can determine a key to be authenticated or a multi-factor key to be authenticated during authentication; that is, the identity authentication result is determined by verifying the key to be authenticated or the multi-factor key to be authenticated. Generation and verification of the key to be authenticated or the multi-factor key to be authenticated may be performed on the terminal and/or the server. If the key to be authenticated, or the multi-factor key to be authenticated, that passes verification is determined on the server, the server needs to send that key to the terminal device so that the terminal device can use the verified key for subsequent application processing. Usually, keys are transmitted between the server and the terminal device over a secure channel between the TEEs of the two. By way of example, the verified key may be included in the identity authentication result that the server sends to the terminal device.
Step 1020: use the verified key determined by the above identity authentication method to perform one or more of digital signature, message encryption, message decryption, application login, and digital wallet management.
The verified key includes the key to be authenticated that passed verification, the multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
It can be understood that the identity authentication method used in step S1010 authenticates identity by verifying the key to be authenticated or the multi-factor key to be authenticated. Therefore, when identity authentication succeeds, a key to be authenticated, or a multi-factor key to be authenticated, that passed verification has necessarily been determined.
If the key to be authenticated is used for verification in the authentication stage, the verified key includes the key to be authenticated that passed verification; if the multi-factor key to be authenticated is used for verification in the authentication stage, the verified key may include the multi-factor key to be authenticated that passed verification, and may also include the key to be authenticated that was used to generate that multi-factor key.
In the embodiments of the present invention, the key used in the registration stage can be restored in the authentication stage from biometric features and auxiliary information that are sufficiently close to those at registration, so that the restored key can be used for one or more of digital signature, message encryption, message decryption, application login, and digital wallet management.
Embodiment 13
An embodiment of the present disclosure provides a digital signature method. The specific flow of the method is described in detail below.
Step 1110: determine the registration information through the identity registration method.
The registration information includes the first auxiliary data.
The identity registration method used in this embodiment may be similar to the identity registration method provided in Embodiment 4 above. For other details of the identity registration method of step 1110 in this embodiment, refer to the description in Embodiment 4; they are not repeated here.
It should be noted that the registration method of step S1110 needs to be the second and third methods of step S430; that is, the authentication method corresponding to the registration method authenticates identity by generating and verifying a key to be authenticated or a multi-factor key to be authenticated.
Step 1120: generate a first public key corresponding to a first private key.
The first private key is the key corresponding to the first auxiliary data or the first multi-factor key corresponding to the first auxiliary data.
By way of example, the key corresponding to the first auxiliary data involved in the registration stage, or the first multi-factor key, may be used as the first private key, and the first public key generated based on the first private key.
By way of example, a key pair consisting of the first private key and the first public key may be generated, and the first private key used as the key corresponding to the first auxiliary data, or the first multi-factor key generated based on the key corresponding to the first auxiliary data. In this case, step S1120 may be performed before step S1110.
Step 1130: send the first public key to the signature verifier, so that the signature verifier can use the first public key to verify digital signatures generated with the first private key.
Embodiment 14
An embodiment of the present disclosure provides a digital signature method. The specific flow of the method is described in detail below.
Step 1210: use the identity authentication method to authenticate the identity of the object to be authenticated.
If the identity authentication of the object to be authenticated succeeds, step 1220 is executed.
For the description of step S1210, refer to step S1010.
Step 1220: use the verified key determined by the identity authentication method to sign the information to be signed, obtaining signature data that carries a digital signature.
By way of example, the hash value of the information to be signed may be asymmetrically encrypted with the verified key to obtain a digital signature, and the digital signature together with the information to be signed used as the signature data.
Step 1230: send the signature data to the signature verifier, so that the signature verifier can use the public key corresponding to the verified key to verify the digital signature of the signature data.
By way of example, before receiving the signature data, the signature verifier has already received at least one public key. The at least one public key is sent to the signature verifier by the method of Embodiment 13. The signature verifier can determine which public key to use to verify the digital signature according to information contained in or attached to the signature data.
By way of example, after receiving the signature data, the signature verifier may compute the hash value of the data to be signed in the signature data and compare that hash value with the result of decrypting the digital signature with the public key; if the two are the same, signature verification passes. The public key here is the public key for signature verification that the signature verifier determined according to the information contained in or attached to the signature data.
The public key corresponding to the verified key is sent to the signature verifier by the method of Embodiment 13; the verified key includes the key to be authenticated that passed verification, the multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification. For details, refer to the description of Embodiment 12.
Embodiment 15
An embodiment of the present disclosure provides a message decryption method. The specific flow of the method is described in detail below.
For the specific description of this step, refer to step S1110.
Step 1420: generate a second public key corresponding to a second private key, wherein the second private key is the key corresponding to the first auxiliary data or the first multi-factor key corresponding to the first auxiliary data.
Step 1430: send the second public key to the message encryption party.
For the description of the second public key and the second private key, refer to the first public key and the first private key.
Embodiment 16
An embodiment of the present disclosure provides a message decryption method. The specific flow of the method is described in detail below.
Step 1510: receive the data to be decrypted sent by the message encryption party.
Step 1520: use the identity authentication method to authenticate the identity of the object to be authenticated.
For the description of S1520, refer to S1010.
If the identity authentication of the object to be authenticated succeeds, step 1530 is executed.
Step 1530: use the verified key determined by the above identity authentication method to decrypt the data to be decrypted, obtaining the decrypted data.
The public key corresponding to the verified key is sent to the message encryption party by the method provided in Embodiment 15; the verified key includes the key to be authenticated that passed verification, the multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification; the data to be decrypted is encrypted with the public key corresponding to the verified key.
Embodiment 17
An embodiment of the present disclosure provides an application login method. The specific flow of the method is described in detail below.
Step 1610: use the identity authentication method to authenticate the identity of the object to be authenticated.
If the identity authentication of the object to be authenticated succeeds, step 1620 is executed.
For details, refer to the description of S1010.
Step 1620: log in to the target application using the verified key determined by the above identity authentication method; or log in to the target application using the verified key and the user identifier determined by the above identity authentication method.
It can be understood that the verified key can be determined through the identity authentication method. If the verified key is globally unique in the target application, for example a sufficiently long and sufficiently random character string, the target application can be logged in to using the verified key alone. If the identity authentication method also determines a user identifier, the user identifier and the verified key can be used together to log in to the target application.
It can be understood that, by way of example, S1620 includes: performing a hash operation on the verified key (the salt value and number of rounds of the hash operation may be selected), and sending the hash result to the application server to log in to the target application, or sending the hash result and the user identifier to the application server to log in to the target application.
The verified key includes the key to be authenticated that passed verification, the multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
Embodiment 18
An embodiment of the present disclosure provides a blockchain node information synchronization method. The method provided in this embodiment is applied to the current blockchain node on a blockchain that includes multiple blockchain nodes. The specific flow of the method is described in detail below.
Step 1710: determine the registration information through the identity registration method.
The registration information includes the first auxiliary data;
For details, refer to the description of S1110.
Step 1720: generate a third public key corresponding to a third private key, wherein the third private key is the key corresponding to the first auxiliary data or the first multi-factor key corresponding to the first auxiliary data.
For the description of the third private key and the third public key, refer to the description of the first private key and the first public key.
Step 1730: broadcast the third public key to the other blockchain nodes on the blockchain.
In this embodiment, after the third public key has been broadcast among the blockchain nodes, any node in the blockchain system can verify the transaction data generated on a blockchain node.
Embodiment 19
An embodiment of the present disclosure provides a blockchain node information synchronization method. The method provided in this embodiment is applied to the current blockchain node on a blockchain that includes multiple blockchain nodes. The specific flow of the method is described in detail below.
Step 1730: use the identity authentication method to authenticate the identity of the object to be authenticated.
If the identity authentication of the object to be authenticated succeeds, step 1740 is executed.
For details, refer to the description of S1010.
Step 1740: use the verified key determined by the identity authentication method to sign the transaction information, obtaining transaction data that carries a digital signature;
Step 1750: broadcast the transaction data to the other blockchain nodes on the blockchain, so that the other blockchain nodes can use the public key corresponding to the verified key to verify the digital signature of the transaction data;
The public key corresponding to the verified key is sent to the signature verifier by the method of Embodiment 18; the verified key includes the key to be authenticated that passed verification, the multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
For details, refer to Embodiment 14.
In addition, the embodiments of the present disclosure also provide devices corresponding to the methods of Embodiments 12 to 19. For the specific device embodiments, refer to the summary of the invention and the description of the methods to which the devices correspond.
It should be noted that, preferably, the generation (for example, generation by the system or generation through a decoding operation) and use (for example, hash calculation or transformation processing) of the keys in the embodiments of the present disclosure (the key corresponding to the first auxiliary data, the first transformation key, the second transformation key, the authentication key, the first public key, the first private key, the second public key, the second private key, the third public key, and the third private key) are performed in the TEE of the device (including the terminal device TEE and the server TEE), and keys are transmitted between the TEEs of the devices over a secure channel between the devices.
In addition, an embodiment of the present disclosure further provides a computer-readable storage medium on which a computer program is stored; when run by a processor, the computer program executes the steps of the method embodiments above.
The computer program product of the methods provided by the embodiments of the present disclosure includes a computer-readable storage medium storing program code; the instructions included in the program code can be used to execute the steps of the method embodiments above. For details, refer to the method embodiments above; they are not repeated here.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed devices and methods may also be implemented in other ways. The device embodiments described above are only illustrative. For example, the flowcharts and block diagrams in the accompanying drawings show the possible architecture, functions, and operations of devices, methods, and computer program products according to multiple embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present disclosure may be integrated together to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of the present disclosure. The aforementioned storage media include various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc. It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations.
Furthermore, the terms "comprise", "include", or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the statement "including ..." does not exclude the presence of additional identical elements in the process, method, article, or device that includes the element.
The above are only preferred embodiments of the present application and are not intended to limit the present application; for those skilled in the art, the present application may have various modifications and changes. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present application shall be included within the protection scope of the present application. It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it does not need to be further defined or explained in subsequent drawings.
The above are only specific implementations of the present application, but the protection scope of the present application is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed in the present application shall be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (56)

  1. A privacy-preserving image processing method, comprising:
    acquiring an image to be processed, wherein the image to be processed includes a first biometric region, and the first biometric region includes a plurality of first feature points;
    determining, according to the first biometric region, a first biometric template of the first biometric region, wherein the first biometric template includes biometric representations corresponding to the plurality of first feature points;
    performing an encoding operation on the first biometric template to obtain first auxiliary data, including one of the following:
    performing feature conversion according to the first biometric template to obtain the first auxiliary data, wherein the feature conversion is determined according to a key corresponding to the first auxiliary data;
    performing quantization according to the first biometric template to obtain a quantized value; determining an error correction codeword according to the key corresponding to the first auxiliary data; and performing first transformation processing on the error correction codeword to obtain the first auxiliary data; wherein determining the error correction codeword according to the key corresponding to the first auxiliary data includes: determining the error correction codeword according to the key corresponding to the first auxiliary data and the quantized value; and/or, performing the first transformation processing on the error correction codeword to obtain the first auxiliary data includes: performing the first transformation processing on the error correction codeword according to the quantized value to obtain the first auxiliary data;
    performing quantization according to the first biometric template to obtain a quantized value; determining an error correction codeword; performing second transformation processing on the error correction codeword to obtain the first auxiliary data; and generating the key corresponding to the first auxiliary data according to the quantized value; wherein determining the error correction codeword and performing the second transformation processing on the error correction codeword to obtain the first auxiliary data includes: randomly determining the error correction codeword, and performing the second transformation processing on the error correction codeword according to the quantized value to obtain the first auxiliary data; or, determining the error correction codeword according to the quantized value, and performing the second transformation processing on the error correction codeword to obtain the first auxiliary data;
    wherein the encoding operation includes an irreversible transformation.
  2. The method according to claim 1, wherein the first biometric template includes biometric data and a precise descriptor, and determining the first biometric template of the first biometric region according to the first biometric region includes:
    determining, according to the first biometric region, the biometric data corresponding to the plurality of first feature points; and determining, according to the first biometric region, the precise descriptor corresponding to the plurality of first feature points;
    the method includes at least one of the following:
    performing feature conversion according to the first biometric template to obtain the first auxiliary data includes: performing feature conversion on the biometric data and the precise descriptor included in the first biometric template to obtain the first auxiliary data, wherein the feature conversion is determined according to the key corresponding to the first auxiliary data;
    performing feature conversion according to the first biometric template to obtain the first auxiliary data includes: performing feature conversion on the first biometric data in the first biometric template to obtain the first auxiliary data, wherein the feature conversion is determined according to the key corresponding to the first auxiliary data and the precise descriptor;
    performing feature conversion according to the first biometric template to obtain the first auxiliary data includes: performing feature conversion on the biometric data and the precise descriptor included in the first biometric template to obtain the first auxiliary data, wherein the feature conversion is determined according to the key corresponding to the first auxiliary data and the precise descriptor;
    performing quantization according to the first biometric template includes: quantizing the biometric data and the precise descriptor included in the first biometric template to obtain the quantized value;
    obtaining the quantized value includes: performing third transformation processing on the quantization result obtained by quantizing according to the first biometric template, to obtain the quantized value, wherein the third transformation processing is determined according to the precise descriptor, and the third transformation processing is a reversible or irreversible transformation;
    performing the first transformation processing on the error correction codeword to obtain the first auxiliary data includes: performing the first transformation processing on the error correction codeword by using the precise descriptor, to obtain the first auxiliary data;
    performing the second transformation processing on the error correction codeword to obtain the first auxiliary data includes: performing the second transformation processing on the error correction codeword by using the precise descriptor, to obtain the first auxiliary data.
  3. The method according to claim 1 or 2, wherein
    determining the error correction codeword according to the key corresponding to the first auxiliary data includes: determining parameters of a first algebraic curve according to the key corresponding to the first auxiliary data; and mapping a first quantized value among the quantized values onto the first algebraic curve to obtain a first mapped value corresponding to the first quantized value, wherein the error correction codeword includes a plurality of the first mapped values;
    performing the first transformation processing on the error correction codeword to obtain the first auxiliary data includes: generating a chaff point set; and determining the first auxiliary data according to a first auxiliary point set and the chaff point set; wherein a first auxiliary point in the first auxiliary point set has a first functional relationship with a first point on the first algebraic curve, the first point having the first quantized value as its first coordinate component and the first mapped value as its second coordinate component; and the first coordinate component of the first auxiliary point is determined according to the first quantized value.
  4. The method according to claim 3, wherein performing the first transformation processing on the error correction codeword to obtain the first auxiliary data further includes: performing fourth transformation processing on the first point to obtain the first auxiliary point in the first auxiliary point set; wherein the fourth transformation processing is determined according to the precise descriptor, and the fourth transformation processing is a reversible transformation.
  5. The method according to claim 1 or 2, wherein
    determining the error correction codeword according to the key corresponding to the first auxiliary data, and performing the first transformation processing on the error correction codeword to obtain the first auxiliary data, includes: determining parameters of a first algebraic curve according to the key corresponding to the first auxiliary data; determining parameters of a first mapping relationship according to the quantized value and the first algebraic curve; and determining the first auxiliary data according to the parameters of the first mapping relationship;
    wherein the first set and the second set have the first mapping relationship between them, and a first subset of the first set is determined by the quantized value; a subset point, whose first coordinate component is a first value in the first subset and whose second coordinate component is the value in the second set that satisfies the first mapping relationship with the first value, has a second functional relationship with a second point on the first algebraic curve; a complement point, whose first coordinate component is a value in the complement of the first subset within the first set and whose second coordinate component is the value in the second set that satisfies the first mapping relationship with that value, does not have the second functional relationship with any point on the first algebraic curve; and the first coordinate component of the second point is the quantized value corresponding to the first value.
  6. The method according to claim 5, wherein determining the parameters of the first mapping relationship according to the quantized value and the first algebraic curve includes: determining the parameters of the first mapping relationship according to the quantized value, the precise descriptor, and the first algebraic curve.
  7. The method according to claim 1 or 2, wherein
    determining the error correction codeword according to the key corresponding to the first auxiliary data includes: determining the error correction codeword according to the key corresponding to the first auxiliary data;
    performing the first transformation processing on the error correction codeword to obtain the first auxiliary data includes: determining a permutation operation according to the biometric vector corresponding to the quantized value; and applying the permutation operation to the error correction codeword to obtain the first auxiliary data.
  8. The method according to claim 7, wherein
    applying the permutation operation to the error correction codeword to obtain the first auxiliary data includes: applying the permutation operation to the error correction codeword to obtain a permutation result; and performing fifth transformation processing on the permutation result to obtain the first auxiliary data; wherein the fifth transformation processing is determined according to the precise descriptor, and the fifth transformation processing is a reversible transformation.
  9. The method according to claim 1 or 2, wherein
    randomly determining the error correction codeword, and performing the second transformation processing on the error correction codeword according to the quantized value to obtain the first auxiliary data, includes: randomly determining the error correction codeword; determining a permutation operation according to the biometric vector corresponding to the quantized value; and applying the permutation operation to the error correction codeword to obtain the first auxiliary data;
    or, determining the error correction codeword according to the quantized value, and performing the second transformation processing on the error correction codeword to obtain the first auxiliary data, includes: determining, as the error correction codeword, the codeword closest to the biometric vector corresponding to the quantized value; and obtaining the first auxiliary data according to the difference between the biometric vector and the error correction codeword.
  10. The method according to claim 9, wherein
    obtaining the first auxiliary data includes: obtaining the first auxiliary data through sixth transformation processing; wherein the sixth transformation processing is determined according to the precise descriptor, and the sixth transformation processing is reversible.
  11. The method according to any one of claims 1-10, wherein acquiring the image to be processed includes:
    collecting the image to be processed by contactless acquisition, wherein the first biometric region is at least one of a fingerprint, a palm print, a finger vein, and a palm vein, and the number of feature points contained in the first biometric region is greater than 300.
  12. The method according to any one of claims 1-11, applied to a terminal device, wherein a trusted execution environment is provided on the terminal device, and determining the first biometric template of the first biometric region according to the first biometric region includes:
    determining a first intermediate result according to the first biometric region, and determining the first biometric template according to the first intermediate result; wherein determining the first intermediate result according to the first biometric region is executed in the trusted execution environment with a first priority, and determining the first biometric template according to the first intermediate result is executed in the trusted execution environment with a second priority;
    or, determining a second intermediate result according to the first biometric region; determining a third intermediate result according to the second intermediate result; and determining the first biometric template according to the third intermediate result; wherein determining the second intermediate result according to the first biometric region is executed in the trusted execution environment with a first priority; determining the first biometric template according to the third intermediate result is executed in the trusted execution environment with a second priority; and determining the third intermediate result according to the second intermediate result is executed in the trusted execution environment with a third priority; wherein the third priority is lower than the first priority, and the third priority is lower than the second priority.
  13. An identity registration method, applied to a terminal device, the method comprising:
    determining the first auxiliary data in the registration information of an object to be registered by the method according to any one of claims 1-12.
  14. The method according to claim 13, further comprising:
    performing feature extraction on the first biometric region to obtain a first index feature, wherein the discriminative power of the first index feature is lower than that of the first biometric template; the registration information of the object to be registered further includes the first index feature.
  15. The method according to claim 14, further comprising one of the following:
    acquiring noise-addition decision information, so that a server connected to the terminal device determines, according to the noise-addition decision information, noise information for adding noise to the first index feature;
    acquiring noise-addition decision information; and acquiring noise information for adding noise to the first index feature;
    acquiring noise-addition decision information; acquiring noise information for adding noise to the first index feature; and adding noise to the first index feature according to the noise information to obtain a noise-added first index feature, wherein the first index feature in the registration information is the noise-added first index feature;
    wherein the noise-addition decision information includes at least one of performance information of the terminal device, network information between the terminal device and the server connected to the terminal device, and an expected security level; the noise information includes at least one of a noise-adding manner and a noise intensity; the noise information is determined according to the noise-addition decision information; and the registration information of the object to be registered further includes the noise information.
  16. The method according to any one of claims 13-15, wherein the registration information of the object to be registered further includes a first hash value, and the method further includes: performing a hash operation according to the key corresponding to the first auxiliary data to determine the first hash value;
    and/or, the registration information of the object to be registered further includes a first hash value and a first hash parameter, and the method further includes: performing a hash operation according to the key corresponding to the first auxiliary data and the first hash parameter to determine the first hash value;
    and/or, the registration information of the object to be registered further includes a second hash value, and the method further includes: performing ninth transformation processing according to the key corresponding to the first auxiliary data and a first transformation key to obtain a first multi-factor key; and performing a hash operation according to the first multi-factor key to determine the second hash value;
    and/or, the registration information of the object to be registered further includes a second hash value and a second hash parameter, and the method further includes: performing ninth transformation processing according to the key corresponding to the first auxiliary data and a first transformation key to obtain a first multi-factor key; and performing a hash operation according to the first multi-factor key and the second hash parameter to determine the second hash value;
    wherein the first hash parameter includes the salt value and/or the number of rounds used in the hash operation, and the second hash parameter includes the salt value and/or the number of rounds used in the hash operation.
  17. The method according to claim 16, wherein the key corresponding to the first auxiliary data and/or the first multi-factor key contains verification information for preliminary verification of the key;
    or, the registration information of the object to be registered includes a first check value for preliminary verification of the key corresponding to the first auxiliary data and/or a second check value for verification of the first multi-factor key, and the method further includes: generating the first check value according to the key corresponding to the first auxiliary data, and/or generating the second check value according to the first multi-factor key.
  18. The method according to claim 16 or 17, wherein the database for storing registration information includes a first data table and a second data table; the first auxiliary data corresponding to the object to be registered and other registration information of the object to be registered are stored in association in the first data table, the other registration information of the object to be registered including at least one of the first index feature, the first hash parameter, the second hash parameter, the noise information, and a check value; and the user identifier of the object to be registered and the first hash value or second hash value corresponding to the object to be registered are stored in association in the second data table.
  19. An identity authentication method, applied to a terminal device, the method comprising:
    acquiring an image to be authenticated of an object to be authenticated, wherein the image to be authenticated includes a second biometric region, and the second biometric region includes a plurality of second feature points;
    determining, according to the second biometric region, a biometric template to be authenticated of the second biometric region;
    acquiring an identity authentication result of the object to be authenticated, wherein the identity authentication result is determined according to the biometric template to be authenticated and base-library auxiliary data;
    wherein the base-library auxiliary data includes at least one piece of first auxiliary data, and the first auxiliary data is determined by the identity registration method according to any one of claims 13 to 18.
  20. The method according to claim 19, wherein acquiring the identity authentication result of the object to be authenticated includes:
    sending the biometric template to be authenticated or a quantized value to be authenticated to a server through a secure channel, wherein the quantized value to be authenticated is obtained by quantizing according to the biometric template to be authenticated;
    receiving the identity authentication result of the object to be authenticated sent by the server.
  21. The method according to claim 19, wherein acquiring the identity authentication result of the object to be authenticated includes:
    acquiring the base-library auxiliary data;
    performing quantization according to the biometric template to be authenticated to obtain a quantized value to be authenticated;
    performing, according to the quantized value to be authenticated and the base-library auxiliary data, a decoding operation corresponding to the encoding operation, to determine at least one key to be authenticated corresponding to at least one piece of first auxiliary data contained in the base-library auxiliary data;
    verifying the key to be authenticated to determine the identity authentication result for the object to be authenticated.
  22. The method according to claim 20, wherein
    verifying the key to be authenticated to determine the identity authentication result for the object to be authenticated includes:
    determining, according to some or all of the keys to be authenticated, their corresponding hash values to be authenticated, and determining the identity authentication result for the object to be authenticated according to the hash values to be authenticated;
    wherein, for one hash value to be authenticated, if the base-library first hash values contain a base-library first hash value that matches the hash value to be authenticated, the verification result of the key to be authenticated corresponding to that hash value is a pass; a base-library first hash value is the first hash value corresponding to a piece of first auxiliary data contained in the base-library auxiliary data, or a base-library first hash value is a first hash value that satisfies a first specified condition; and the first hash value is included in the registration information.
  23. The method according to claim 19, wherein acquiring the identity authentication result of the object to be authenticated includes:
    acquiring the base-library auxiliary data;
    performing quantization according to the biometric template to be authenticated to obtain a quantized value to be authenticated;
    performing, according to the quantized value to be authenticated and the base-library auxiliary data, a decoding operation corresponding to the encoding operation, to determine at least one key to be authenticated corresponding to at least one piece of first auxiliary data contained in the base-library auxiliary data;
    obtaining a multi-factor key to be authenticated according to some or all of the keys to be authenticated and a second transformation key;
    verifying the multi-factor key to be authenticated to determine the identity authentication result for the object to be authenticated.
  24. The method according to claim 23, wherein verifying the multi-factor key to be authenticated to determine the identity authentication result for the object to be authenticated includes:
    determining, according to some or all of the multi-factor keys to be authenticated, their corresponding multi-factor hash values to be authenticated, and determining the identity authentication result for the object to be authenticated according to the multi-factor hash values to be authenticated;
    wherein, for one multi-factor hash value to be authenticated, if the base-library second hash values contain a base-library second hash value that matches the multi-factor hash value to be authenticated, the verification result of the multi-factor key to be authenticated corresponding to that multi-factor hash value is a pass; a base-library second hash value is the second hash value corresponding to a piece of first auxiliary data contained in the base-library auxiliary data, or a base-library second hash value is a second hash value that satisfies a second specified condition; and the second hash value is included in the registration information.
  25. The method according to claim 22 or 24, further comprising:
    acquiring the user identifier corresponding to a matching hash value; wherein, when the identity authentication result for the object to be authenticated is determined by verifying the key to be authenticated, the matching hash value is the hash value to be authenticated corresponding to a key to be authenticated whose verification result is a pass; or, when the identity authentication result for the object to be authenticated is determined by verifying the multi-factor key to be authenticated, the matching hash value is the multi-factor hash value to be authenticated corresponding to a multi-factor key to be authenticated whose verification result is a pass.
  26. The method according to claim 19, wherein acquiring the identity authentication result of the object to be authenticated includes:
    acquiring an authentication key;
    performing the encoding operation according to the biometric template to be authenticated and the authentication key to obtain auxiliary data to be authenticated;
    determining the identity authentication result of the object to be authenticated according to the result of comparing the auxiliary data to be authenticated with the base-library auxiliary data.
  27. The method according to any one of claims 19-26, further comprising:
    determining a second index feature according to the second biometric region; wherein the second index feature and the first index feature of claim 14 are extracted by the same feature extraction method; and the base library auxiliary data is the first auxiliary data corresponding to first index data that satisfies a distance condition with respect to the second index feature.
  28. The method according to claim 27, wherein the distance condition corresponding to a first index feature is determined according to the noise information that corresponds to that first index feature in the registration information.
  29. An identity registration method, applied to a server, the method comprising:
    receiving registration information sent by a terminal device, the registration information being determined by the identity registration method according to any one of claims 13-18; and storing the registration information in a database.
  30. The method according to claim 29, wherein the registration information includes a first index feature; the method further comprising:
    obtaining noise information for adding noise to the first index feature; adding noise to the first index feature according to the noise information to obtain a noise-added first index feature, the first index feature in the registration information being the noise-added first index feature; wherein adding noise to the first index feature according to the noise information to obtain the noise-added first index feature comprises: adding noise data to the first index feature according to the noise addition method, and/or adding noise data of the noise intensity to the first index feature, to obtain the noise-added first index feature; and the noise information is received from the terminal device or is determined according to noise addition decision information received from the terminal device;
    receiving noise addition decision information from the terminal device; determining, according to the noise addition decision information, noise information for adding noise to the first index feature; and sending the noise information to the terminal device;
    wherein the noise addition decision information includes at least one of: performance information of the terminal device, network information between the terminal device and a server connected to the terminal device, and an expected security level; the noise information includes at least one of a noise addition method and a noise intensity; the noise information is determined according to the noise addition decision information; and the registration information of the object to be registered further includes the noise information.
  31. The method according to claim 29 or 30, further comprising:
    determining simulated auxiliary data, and storing the simulated auxiliary data in the database; or,
    determining simulated auxiliary data, determining a simulated index feature, and storing the simulated index feature and the simulated auxiliary data in the database in association with each other;
    wherein the simulated auxiliary data is generated in one of the following ways:
    generating a simulated image that includes a simulated biometric region, determining a simulated biometric template of the simulated feature region according to the simulated biometric region, and determining the simulated auxiliary data according to the simulated biometric template;
    generating a simulated biometric template, and determining the simulated auxiliary data according to the simulated biometric template;
    directly generating the simulated auxiliary data.
  32. An identity authentication method, comprising:
    receiving an authentication request sent by a terminal device;
    determining, according to the authentication request, base library auxiliary data from the registration information stored in a database by the method according to any one of claims 29-31; wherein the base library auxiliary data includes at least one piece of first auxiliary data.
  33. The method according to claim 32, further comprising:
    performing a decoding operation corresponding to the encoding operation, according to the base library auxiliary data and a quantized value to be authenticated obtained by quantizing the biometric template to be authenticated, to determine at least one key to be authenticated corresponding to at least one piece of first auxiliary data contained in the base library auxiliary data; wherein the quantized value to be authenticated is obtained by receiving, over a secure channel, the biometric template to be authenticated sent by the terminal device and then quantizing that template; or the quantized value to be authenticated is sent by the terminal device over a secure channel;
    verifying the key to be authenticated to determine the identity authentication result of the object to be authenticated.
  34. The method according to claim 33, wherein verifying the key to be authenticated to determine the identity authentication result of the object to be authenticated comprises:
    determining, for some or all of the keys to be authenticated, the corresponding hash values to be authenticated, and determining the identity authentication result of the object to be authenticated according to the hash values to be authenticated;
    wherein, for a given hash value to be authenticated, if the base library first hash values include one that matches that hash value to be authenticated, the verification result of the key to be authenticated corresponding to that hash value is a pass; a base library first hash value is the first hash value corresponding to first auxiliary data contained in the base library auxiliary data, or is a first hash value that satisfies a first specified condition; and the first hash values are included in the registration information.
  35. The method according to claim 32, further comprising:
    performing a decoding operation corresponding to the encoding operation, according to the base library auxiliary data and a quantized value to be authenticated obtained by quantizing the biometric template to be authenticated, to determine at least one key to be authenticated corresponding to at least one piece of first auxiliary data contained in the base library auxiliary data; wherein the quantized value to be authenticated is obtained by receiving, over a secure channel, the biometric template to be authenticated sent by the terminal device and then quantizing that template; or the quantized value to be authenticated is sent by the terminal device over a secure channel;
    obtaining a multi-factor key to be authenticated according to some or all of the keys to be authenticated and a second transformation key;
    verifying the multi-factor key to be authenticated to determine the identity authentication result of the object to be authenticated.
  36. The method according to claim 35, wherein verifying the multi-factor key to be authenticated to determine the identity authentication result of the object to be authenticated comprises:
    determining, for some or all of the multi-factor keys to be authenticated, the corresponding multi-factor hash values to be authenticated, and determining the identity authentication result of the object to be authenticated according to the multi-factor hash values to be authenticated;
    wherein, for a given multi-factor hash value to be authenticated, if the base library second hash values include one that matches that multi-factor hash value to be authenticated, the verification result of the multi-factor key to be authenticated corresponding to that multi-factor hash value is a pass; a base library second hash value is the second hash value corresponding to first auxiliary data contained in the base library auxiliary data, or is a second hash value that satisfies a second specified condition; and the second hash values are included in the registration information.
  37. The method according to claim 34 or 36, further comprising:
    obtaining a user identifier corresponding to a matching hash value; wherein, when the identity authentication result of the object to be authenticated is determined by verifying the key to be authenticated, the matching hash value is the hash value to be authenticated that corresponds to a key to be authenticated whose verification result is a pass; or, when the identity authentication result of the object to be authenticated is determined by verifying the multi-factor key to be authenticated, the matching hash value is the multi-factor hash value to be authenticated that corresponds to a multi-factor key to be authenticated whose verification result is a pass.
  38. The method according to claim 32, wherein determining the identity authentication result of the object to be authenticated according to the biometric template to be authenticated and the base library auxiliary data comprises:
    obtaining an authentication key;
    performing the encoding operation according to the biometric template to be authenticated and the authentication key to obtain auxiliary data to be authenticated;
    determining the identity authentication result of the object to be authenticated according to a result of comparing the auxiliary data to be authenticated with the base library auxiliary data.
  39. The method according to any one of claims 32-38, wherein the authentication request contains a second index feature, the second index feature being determined according to a second biometric region contained in an image to be authenticated of the object to be authenticated; and the second index feature and the first index feature of claim 14 are extracted by the same feature extraction method;
    wherein determining, according to the authentication request, the base library auxiliary data from the registration information stored in the database by the method according to any one of claims 29-31 comprises: querying the database for a plurality of first index features whose distance from the second index feature satisfies the distance condition; and querying the database for a plurality of pieces of first auxiliary data in one-to-one correspondence with the plurality of first index features, to obtain the base library auxiliary data.
  40. The method according to claim 39, wherein the distance condition corresponding to a first index feature is determined according to the noise information that corresponds to that first index feature in the registration information.
  41. A key usage method, comprising:
    performing identity authentication on an object to be authenticated using the identity authentication method according to any one of claims 21-25;
    if the identity authentication of the object to be authenticated succeeds, using the key that passed verification, as determined by the identity authentication method according to any one of claims 21-25, to perform one or more of: digital signing, message encryption, message decryption, application login, and digital wallet management;
    wherein the key that passed verification includes a key to be authenticated that passed verification, a multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
  42. A digital signature method, comprising:
    determining registration information by the identity registration method according to any one of claims 16 to 18; wherein the registration information includes first auxiliary data;
    generating a first public key corresponding to a first private key; wherein the first private key is the key corresponding to the first auxiliary data or a first multi-factor key corresponding to the first auxiliary data;
    sending the first public key to a signature verifier, so that the signature verifier can use the first public key to verify digital signatures generated with the first private key.
  43. A digital signature method, comprising:
    performing identity authentication on an object to be authenticated using the identity authentication method according to any one of claims 21-25;
    if the identity authentication of the object to be authenticated succeeds, signing the information to be signed with the key that passed verification, as determined by the identity authentication method according to any one of claims 21-25, to obtain signed data carrying a digital signature;
    sending the signed data to a signature verifier, so that the signature verifier can verify the digital signature of the signed data using the public key corresponding to the key that passed verification; wherein the public key corresponding to the key that passed verification is sent to the signature verifier by the method of claim 42; and the key that passed verification includes a key to be authenticated that passed verification, a multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
  44. A message decryption method, comprising:
    determining registration information by the identity registration method according to any one of claims 16-18; wherein the registration information includes first auxiliary data;
    generating a second public key corresponding to a second private key; wherein the second private key is the key corresponding to the first auxiliary data or a first multi-factor key corresponding to the first auxiliary data;
    sending the second public key to a message encrypting party.
  45. A message decryption method, comprising:
    receiving data to be decrypted sent by a message encrypting party;
    performing identity authentication on an object to be authenticated using the identity authentication method according to any one of claims 21-25;
    if the identity authentication of the object to be authenticated succeeds, decrypting the data to be decrypted with the key that passed verification, as determined by the identity authentication method according to any one of claims 21-25, to obtain decrypted data;
    wherein the public key corresponding to the key that passed verification is sent to the message encrypting party by the method of claim 44; the key that passed verification includes a key to be authenticated that passed verification, a multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification; and the data to be decrypted was encrypted with the public key corresponding to the key that passed verification.
  46. An application login method, comprising:
    performing identity authentication on an object to be authenticated using the identity authentication method according to any one of claims 21-25;
    if the identity authentication of the object to be authenticated succeeds, logging in to a target application using the key that passed verification, as determined by the identity authentication method according to any one of claims 21-25; or logging in to the target application using the user identifier and the key that passed verification, as determined by the identity authentication method of claim 25;
    wherein the key that passed verification includes a key to be authenticated that passed verification, a multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
  47. The method according to claim 46, wherein logging in to the target application using the key that passed verification, as determined by the identity authentication method according to any one of claims 21-25, comprises: performing a hash operation on the key that passed verification, and sending the result of the hash operation to an application server to log in to the target application; or, logging in to the target application using the user identifier and the key that passed verification, as determined by the identity authentication method of claim 25, comprises: performing a hash operation on the key that passed verification, and sending the result of the hash operation and the user identifier to the application server to log in to the target application.
  48. A blockchain node information synchronization method, applied to a current blockchain node on a blockchain, the blockchain including a plurality of blockchain nodes, the method comprising:
    determining registration information by the identity registration method according to any one of claims 16-18, the registration information including first auxiliary data;
    generating a third public key corresponding to a third private key; wherein the third private key is the key corresponding to the first auxiliary data or a first multi-factor key corresponding to the first auxiliary data;
    broadcasting the third public key to the other blockchain nodes on the blockchain.
  49. A blockchain node information synchronization method, applied to a current blockchain node on a blockchain, the blockchain including a plurality of blockchain nodes, the method comprising:
    performing identity authentication on an object to be authenticated using the identity authentication method according to any one of claims 21-25;
    if the identity authentication of the object to be authenticated succeeds, signing transaction information with the key that passed verification, as determined by the identity authentication method according to any one of claims 21-25, to obtain transaction data carrying a digital signature;
    broadcasting the transaction data to the other blockchain nodes on the blockchain, so that the other blockchain nodes can verify the digital signature of the transaction data using the public key corresponding to the key that passed verification; wherein the public key corresponding to the key that passed verification is sent to the signature verifier by the method of claim 48; and the key that passed verification includes a key to be authenticated that passed verification, a multi-factor key to be authenticated that passed verification, or the key to be authenticated that was used to generate the multi-factor key to be authenticated that passed verification.
  50. A privacy-protected image processing apparatus, comprising:
    a first acquisition module, configured to acquire an image to be processed, the image to be processed including a first biometric region, the first biometric region including a plurality of first feature points;
    a first determination module, configured to determine, according to the first biometric region, a first biometric template of the first biometric region, the first biometric template including biometric representations corresponding to the plurality of first feature points;
    an encoding module, configured to perform an encoding operation on the first biometric template to obtain first auxiliary data;
    the encoding module being implemented in any one of the following ways:
    performing feature conversion on the first biometric template to obtain the first auxiliary data, the feature conversion being determined according to a key corresponding to the first auxiliary data;
    performing quantization according to the first biometric template to obtain a quantized value; determining an error-correcting-code codeword according to the key corresponding to the first auxiliary data; and performing first transformation processing on the error-correcting-code codeword to obtain the first auxiliary data; wherein determining the error-correcting-code codeword according to the key corresponding to the first auxiliary data comprises: determining the error-correcting-code codeword according to the key corresponding to the first auxiliary data and the quantized value; and/or, performing the first transformation processing on the error-correcting-code codeword to obtain the first auxiliary data comprises: performing the first transformation processing on the error-correcting-code codeword according to the quantized value to obtain the first auxiliary data; the first transformation processing being an irreversible transformation;
    performing quantization according to the first biometric template to obtain a quantized value; determining an error-correcting-code codeword; performing second transformation processing on the error-correcting-code codeword to obtain the first auxiliary data; and generating the key corresponding to the first auxiliary data according to the quantized value; wherein determining the error-correcting-code codeword and performing the second transformation processing on it to obtain the first auxiliary data comprises: randomly determining the error-correcting-code codeword, and performing the second transformation processing on the error-correcting-code codeword according to the quantized value to obtain the first auxiliary data; or, determining the error-correcting-code codeword according to the quantized value, and performing the second transformation processing on the error-correcting-code codeword to obtain the first auxiliary data; the second transformation processing being an irreversible transformation;
    wherein the encoding operation includes an irreversible transformation.
  51. An identity registration apparatus, comprising:
    a second determination module, configured to determine, by the method according to any one of claims 1-15, the first auxiliary data in the registration information of an object to be registered.
  52. An identity authentication apparatus, comprising:
    a second acquisition module, configured to acquire an image to be authenticated of an object to be authenticated, the image to be authenticated including a second biometric region, the second biometric region including a plurality of second feature points;
    a third determination module, configured to determine, according to the second biometric region, a biometric template to be authenticated of the second biometric region;
    a third acquisition module, configured to obtain an identity authentication result of the object to be authenticated, the identity authentication result being determined according to the biometric template to be authenticated and base library auxiliary data;
    wherein the base library auxiliary data includes at least one piece of first auxiliary data, the first auxiliary data being determined by the identity registration method according to any one of claims 16 to 18.
  53. An identity registration apparatus, comprising:
    a first receiving module, configured to receive registration information sent by a terminal device, the registration information being determined by the identity registration method according to any one of claims 16-18;
    a second storage module, configured to store the registration information in a database, the registration information including first auxiliary data.
  54. An identity authentication apparatus, comprising:
    a second receiving module, configured to receive an authentication request sent by the terminal device;
    a base library auxiliary data determination module, configured to determine, according to the authentication request, base library auxiliary data from the registration information stored in a database by the method according to any one of claims 29-31; wherein the base library auxiliary data includes at least one piece of first auxiliary data.
  55. An electronic device, comprising a processor and a memory, the memory storing machine-readable instructions executable by the processor, wherein, when the electronic device is running, the machine-readable instructions are executed by the processor to perform the steps of the method according to any one of claims 1 to 49.
  56. A computer-readable storage medium storing a computer program which, when run by a processor, performs the steps of the method according to any one of claims 1 to 49.
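
The key-binding flow that claims 33-37 and the second encoding option of claim 50 describe (quantize the template, bind an error-correcting codeword derived from a key to the quantized value, store only auxiliary data plus a key hash, then decode and hash-check at authentication) can be sketched as follows. This is an added illustration, not code from the patent or the applicant. It assumes a 5x repetition code as the error-correcting code, XOR as a stand-in for the transformation processing, SHA-256 as the hash, and HMAC as the way a second factor is combined into a multi-factor key; all function names and sample templates are constructed for the example.

```python
import hashlib
import hmac
import secrets

REP = 5  # assumed toy ECC: 5x repetition code, corrects up to 2 bit flips per key bit


def quantize(template, threshold=0.5):
    """Quantize a real-valued biometric template into a bit vector."""
    return [1 if v >= threshold else 0 for v in template]


def ecc_encode(key_bits):
    """Key -> error-correcting codeword (each key bit repeated REP times)."""
    return [b for b in key_bits for _ in range(REP)]


def ecc_decode(code_bits):
    """Majority vote over each group of REP bits."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_hash(key_bits, second_factor=b""):
    """Hash kept in the registration information. With a second factor, the
    key is first combined with it (HMAC, an assumption) into a multi-factor key."""
    raw = bytes(key_bits)
    if second_factor:
        raw = hmac.new(second_factor, raw, hashlib.sha256).digest()
    return hashlib.sha256(raw).hexdigest()


def enroll(template, second_factor=b""):
    """Return (registration record, key). Only the record is stored; the
    template, the quantized value and the key are not."""
    q = quantize(template)
    if len(q) % REP:
        raise ValueError("template length must be a multiple of REP")
    key = [secrets.randbelow(2) for _ in range(len(q) // REP)]
    aux = xor(ecc_encode(key), q)  # auxiliary data: codeword bound to q
    return {"aux": aux, "hash": key_hash(key, second_factor)}, key


def authenticate(template, gallery, second_factor=b""):
    """Decode a candidate key from each stored auxiliary data item and accept
    the first whose hash matches. Returns (user_id, key) or (None, None)."""
    q = quantize(template)
    for user_id, record in gallery.items():
        if len(record["aux"]) != len(q):
            continue
        candidate = ecc_decode(xor(record["aux"], q))
        digest = key_hash(candidate, second_factor)
        if hmac.compare_digest(digest, record["hash"]):
            return user_id, candidate
    return None, None


def flip(template, indices):
    """Constructed noise: mirror the selected features across the threshold."""
    return [1 - v if i in indices else v for i, v in enumerate(template)]


# Constructed sample data (not from the patent): 40 features, 8-bit toy key.
ENROLLED = [0.9 if (i * 7) % 3 else 0.1 for i in range(40)]
NOISY_PROBE = flip(ENROLLED, {0, 7, 13, 26})  # at most one flip per group
TOO_NOISY = flip(ENROLLED, {0, 1, 2})         # three flips in one group
IMPOSTOR = flip(ENROLLED, set(range(40)))     # every quantized bit differs

if __name__ == "__main__":
    record, key = enroll(ENROLLED)
    gallery = {"user-1": record}
    for name, probe in [("noisy", NOISY_PROBE), ("too noisy", TOO_NOISY),
                        ("impostor", IMPOSTOR)]:
        print(name, authenticate(probe, gallery)[0])
```

The sizes are toy values chosen so the error-correction boundary is visible: a probe within the code's correction capacity recovers the enrolled key, while one extra flipped bit in a single group yields a different key and the hash check rejects it.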
PCT/CN2022/126690 2021-10-21 2022-10-21 Privacy protection based image processing method, identity registration method, and identity authentication method WO2023066374A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202111229310.7 2021-10-21
CN202111228163.1A CN114117383A (en) 2021-10-21 2021-10-21 Registration method, authentication method and device
CN202111228163.1 2021-10-21
CN202111229310.7A CN116010917A (en) 2021-10-21 2021-10-21 Privacy-protected image processing method, identity registration method and identity authentication method

Publications (1)

Publication Number Publication Date
WO2023066374A1 true WO2023066374A1 (en) 2023-04-27

Family

ID=86057953

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/126690 WO2023066374A1 (en) 2021-10-21 2022-10-21 Privacy protection based image processing method, identity registration method, and identity authentication method

Country Status (1)

Country Link
WO (1) WO2023066374A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103955881A (en) * 2014-04-18 2014-07-30 中国科学院信息工程研究所 Image biological characteristic protection method and device and information retrieval method
CN106936586A (en) * 2016-12-07 2017-07-07 中国电子科技集团公司第三十研究所 A kind of biological secret key extracting method based on fingerprint bit string and Error Correction of Coding
US20190013931A1 (en) * 2015-09-11 2019-01-10 Aware, Inc. Biometric verification of a blockchain database transaction contributor
CN112347855A (en) * 2020-10-12 2021-02-09 西安电子科技大学青岛计算技术研究院 Biological characteristic template protection method and device based on deep learning
CN114117383A (en) * 2021-10-21 2022-03-01 墨奇科技(北京)有限公司 Registration method, authentication method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22882979

Country of ref document: EP

Kind code of ref document: A1