WO2023128345A1 - Method and system for personal identification using a homomorphically encrypted image - Google Patents


Info

Publication number
WO2023128345A1
Authority
WO
WIPO (PCT)
Prior art keywords
image data
image
encrypted
homomorphically
user
Prior art date
Application number
PCT/KR2022/019485
Other languages
English (en)
Korean (ko)
Inventor
안용대
박준홍
Original Assignee
주식회사 디사일로
Priority date
Filing date
Publication date
Application filed by 주식회사 디사일로
Publication of WO2023128345A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00 Arrangements for image or video recognition or understanding
    • G06V10/10 Image acquisition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Definitions

  • the present invention relates to a method and system for identifying individuals using homomorphically encrypted images.
  • the first is a method in which a user inputs a password made of letters and numbers, or a personal identification number consisting only of digits, for authentication, thereby identifying whether or not the user is the correct user.
  • the second is a method of recognizing the user's unique biometric information, such as the user's fingerprint, iris, face, and voice, to identify whether the user is a valid user.
  • the third is a method in which a user carries an additional device used only for authentication, such as the OTP (One-Time Password) generator of Internet banking or an employee ID card, and presents the device when authentication is requested, so that the correct user is identified.
  • the first method is the most widely used, but because users must designate a different password for each system and find them hard to remember, many people use short and common passwords for convenience, which is weak in terms of security.
  • the third method has the disadvantage that the user must always carry the authentication device, and reissuing the device is cumbersome if it is lost.
  • the second method, which uses the user's unique biometric information, is safe in that the information cannot be lost and does not change. However, building the data consumes significant time and cost, and there is the problem that the user's image (unique biometric information) is exposed.
  • the inventors of the present invention have attempted to develop a method and a system for safely identifying a user without fear of exposure of the user's image using only a device capable of acquiring the user's image.
  • the inventors of the present invention configured a method so that the biometric information unique to the user is not exposed, by homomorphically encrypting the image data acquired from the user and then obtaining an operation result in which the user identification result is itself homomorphically encrypted.
  • a personal identification method using a homomorphically encrypted image includes obtaining first image data of a user, homomorphically encrypting the first image data, transmitting the homomorphically encrypted first image data to an image calculation server, receiving from the image calculation server a homomorphically encrypted identification result calculated on the basis of the homomorphically encrypted first image data and pre-stored second image data of another user, and decrypting the homomorphically encrypted identification result.
  • the transmitting of the homomorphically encrypted first image data may further include transmitting, to the image calculation server, a parameter for the homomorphic encryption operation that was used to homomorphically encrypt the first image data.
  • the homomorphically encrypted identification result may be an identification result calculated based on the homomorphically encrypted first image data and the homomorphically encrypted second image data based on the parameters.
  • the second image data may be image data of a plurality of other users pre-stored in the image calculation server, and the decrypting may include identifying, among the plurality of other users, the other image data that matches the user.
  • the method may further include obtaining an identification result for the user.
  • the first image data and the second image data may include at least one of an image captured through an identifier device, a plurality of feature coordinate values extracted from the image, and RGB values for each pixel of the image.
  • the homomorphic encryption step may perform homomorphic encryption using any one of partial homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption.
  • the method may include receiving, from an identifier device, an operation request including homomorphically encrypted first image data of a user, obtaining pre-stored second image data of another user according to the operation request, calculating a homomorphically encrypted identification result based on the homomorphically encrypted first image data and the second image data, and transmitting the homomorphically encrypted identification result to the identifier device.
  • the receiving of the operation request may further include receiving, from the identifier device, parameters for the homomorphic encryption operation that were used to homomorphically encrypt the first image data, and the obtaining may further include homomorphically encrypting the second image data based on the parameters.
  • the calculating of the homomorphically encrypted identification result may include determining a first location corresponding to the homomorphically encrypted first image data and a second location corresponding to the second image data, and calculating a distance value between the first location and the second location, the distance value corresponding to the identification result.
  • the calculating of the homomorphically encrypted identification result may be a step of calculating a homomorphically encrypted identification result based on the homomorphically encrypted first image data and the second image data of the plurality of other users, according to the type of the received operation request.
  • a user can be identified in a public space without sharing user-specific biometric information (a face image) with an external server for user identification.
  • the present invention can identify a user or determine whether a user is the same as another user.
  • the user's face image can be safely protected by calculating the user's image data in a state of homomorphic encryption and decrypting and confirming only the calculation result in the device that acquired the user's image.
  • the present invention does not need to possess a separate device or memorize a unique identification number for user identification and user authentication, so user convenience can be improved.
  • Effects according to the present invention are not limited by the contents exemplified above, and more various effects are included in the present invention.
  • FIG. 1 is a schematic diagram of a personal identification system according to an embodiment of the present invention.
  • FIG. 2 is a block diagram showing the configuration of an identifier device according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a personal identification method of an identifier device according to an embodiment of the present invention.
  • FIGS. 4 and 5 are schematic diagrams for explaining a personal identification interface screen output to an identifier device according to an embodiment of the present invention.
  • FIG. 6 is a block diagram showing the configuration of an image calculation server that performs a homomorphic encryption calculation according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a personal identification method of an image calculation server according to an embodiment of the present invention.
  • FIGS. 8 and 9 are schematic flowcharts of a data identification method according to an embodiment of the present invention.
  • expressions such as “A or B,” “at least one of A and/or B,” or “one or more of A or/and B” may include all possible combinations of the items listed together.
  • expressions such as “first” and “second” used in this document may modify various elements regardless of order and/or importance, and are used only to distinguish one element from another; they do not limit the corresponding elements.
  • a first user device and a second user device may represent different user devices regardless of order or importance.
  • a first element may be named a second element, and similarly, the second element may also be renamed to the first element.
  • a certain component (e.g., a first component) may be directly connected to another component (e.g., a second component) or connected through yet another component (e.g., a third component).
  • it may be understood that no other component (e.g., a third component) exists between an element (e.g., a first element) and another element (e.g., a second element).
  • the expression “configured to” means, depending on the circumstances, “suitable for,” “having the capacity to,” “designed to,” “adapted to,” “made to,” or “capable of.”
  • the term “configured (or set) to” may not necessarily mean only “specifically designed to” in hardware.
  • the phrase “device configured to” may mean that the device is “capable of” in conjunction with other devices or components.
  • “a processor configured (or set) to perform A, B, and C” may mean a dedicated processor (e.g., an embedded processor) for performing those operations, or a general-purpose processor (e.g., a CPU or application processor) that performs them by executing one or more software programs stored in a memory device.
  • FIG. 1 is a schematic diagram of a personal identification system according to an embodiment of the present invention.
  • a personal identification system 1000 may include an identifier device 100 displaying a user's personal identification result and an image calculation server 200 calculating a user's personal identification result.
  • the personal identification system 1000 may be a system capable of identifying a user using a user's image.
  • identifying a user can be understood as recognizing who a user is, or determining whether a user is the same as another user, by comparing unique biometric information (images of the users) between the two users.
  • other users as comparison targets for user identification may be users of a group to which the user belongs.
  • users registered in a DB server (not shown) (or the image calculation server 200) of the company, school, or region to which the user belongs, or users registered in a conference in which the user participates, may be the other users to be compared.
  • the identifier device 100 may pre-designate a DB server to be used to use the personal identification service in order to increase accuracy of personal identification results and improve identification speed.
  • the identifier device 100 and the image calculation server 200 can send and receive all data in an encrypted state, and that data can be encrypted with a homomorphic encryption technique so that it can be operated on while still encrypted.
  • data exchanged between the identifier device 100 and the image calculation server 200 in the personal identification system 1000 is homomorphically encrypted data, not the original data, and the original data can be stored in each device.
  • the identifier device 100 and the image calculation server 200 may homomorphically encrypt data through a web page or application/program capable of processing homomorphically encrypted data, and may perform calculations between homomorphically encrypted data.
  • the identifier device 100 and the image calculation server 200 may perform operations between homomorphic ciphertext or between homomorphic ciphertext and plaintext, and may homomorphically encrypt image data using various homomorphic encryption algorithms.
  • the identifier device 100 and the image calculation server 200 may homomorphically encrypt image data using any one of partial homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption.
  • the identifier device 100 is a device capable of acquiring a user's image and outputting an image identification result, and may be implemented as a PC, tablet PC, smart phone, wearable device, or the like.
  • the user's unique bio information refers to images of various regions of the user's body that can be captured, and may include images of a face, vein, iris, fingerprint, and the like.
  • the identifier device 100 may transmit parameters for homomorphic encryption operation to the image operation server 200 so as to obtain an identification result for a corresponding user based on the homomorphically encrypted first image data (image of the user).
  • the parameters may be the polynomial degree of a function used for homomorphic encryption operation, scale bits and coefficients specified for homomorphic encryption operation, and attribute information (resolution, size) of an image.
  • the identifier device 100 may receive an identification result computed under homomorphic encryption using the parameters, and may obtain the identification result for the user by decrypting it. For example, when the identifier device 100 is installed in a certain space, it may capture a user's image, encrypt it, and transmit it to the image calculation server 200; it then decrypts the homomorphically encrypted operation result received from the image calculation server 200 and can output, for each user according to the identification result, whether the user is registered as an accessible user, that is, whether the user is allowed to enter.
  • the identifier device 100 may perform the calculation directly, without receiving a homomorphically encrypted calculation result from the image calculation server 200.
  • the identifier device 100 may receive homomorphically encrypted second image data of another user from the image calculation server 200 and perform the operation between the two homomorphically encrypted data itself; the method of operating between homomorphically encrypted data will be described later.
  • the identifier device 100 may homomorphically encrypt the directly captured image itself, but may extract feature points (feature data) from the image and homomorphically encrypt them according to a manager's setting. In this case, the identifier device 100 may transmit metadata about the feature data to the image calculation server 200 as the first image data that is homomorphically encrypted.
  • the image calculation server 200 is a server capable of performing calculations between homomorphically encrypted data, using pre-stored image data, according to the calculation request of the identifier device 100, and may be implemented with a PC, tablet PC, smart phone, general-purpose computer, laptop, or cloud server.
  • the image calculation server 200 may store a plurality of second image data (images of other users) and, according to the type of operation request, perform a homomorphic encryption operation with the image data of one user or a plurality of homomorphic encryption operations with the image data of a plurality of users.
  • the image calculation server 200 may calculate a homomorphically encrypted calculation result, and decryption of the result may be performed by the identifier device 100. That is, since the image calculation server 200 receives the homomorphically encrypted first image data from the identifier device 100, performs the calculation, and transmits the result without decrypting it, the image calculation server 200 cannot learn the identification result, that is, whether the user matches a previously stored user A or whether the user is one of a plurality of users.
  • the image calculation server 200 may perform the operation based on the homomorphically encrypted first image data and plaintext second image data, or it may use an encryption key reflecting the parameters received from the identifier device 100 and perform the operation based on homomorphically encrypted second image data.
  • the image calculation server 200 may provide the identifier device 100 with a web page or application for homomorphic data encryption and identification result decryption.
  • the identifier device 100 and the image calculation server 200 may pre-process image data stored in their respective devices to reduce the burden of homomorphic encryption calculation before performing homomorphic encryption.
  • the identifier device 100 and the image calculation server 200 may convert image data into locations in order to calculate a similarity between image data. That is, each image data can be converted to a designated position in a discretized grid system.
  • the personal identification system 1000 according to an embodiment of the present invention has been described. According to the present invention, all data transmitted and received between the identifier device 100 and the image calculation server 200 is homomorphically encrypted, so there is no possibility of a user image being exposed while the personal identification service is provided, and infringement of personal information can be prevented.
  • FIG. 2 is a block diagram showing the configuration of an identifier device according to an embodiment of the present invention.
  • the identifier device 100 may include a memory interface 110 , one or more processors 120 and a peripheral interface 130 .
  • the various components within identifier device 100 may be connected by one or more communication buses or signal lines.
  • the memory interface 110 may be connected to the memory 150 and transfer various data to the processor 120 .
  • the memory 150 may include at least one type of storage medium among a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (e.g., SD or XD memory), RAM, SRAM, ROM, EEPROM, PROM, network storage, cloud storage, and blockchain databases.
  • the memory 150 may store data constituting a personal identification interface screen for acquiring an image of a user and outputting a personal identification result, preprocessed first image data, a function for converting the first image data into a form capable of homomorphic encryption, an algorithm for homomorphic encryption, homomorphically encrypted first image data, parameters for the homomorphic encryption operation, and the like.
  • memory 150 includes operating system 151 , communication module 152 , graphical user interface module (GUI) 153 , sensor processing module 154 , telephony module 155 , and application module 156 .
  • the operating system 151 may include instructions for processing basic system services and instructions for performing hardware tasks.
  • the communication module 152 may communicate with at least one of one or more other devices, computers, and servers.
  • a graphical user interface module (GUI) 153 may process a graphical user interface.
  • Sensor processing module 154 may process sensor-related functions (eg, process voice input received through one or more microphones 192 ).
  • the phone module 155 may process phone-related functions.
  • the application module 156 may perform various functions of a user application, such as electronic messaging, web browsing, media processing, navigation, imaging, and other processing functions.
  • the identifier device 100 may store one or more software applications 156 - 1 and 156 - 2 (eg, a personal identification service application) associated with any one type of service in the memory 150 .
  • the memory 150 may store a digital assistant client module 157 (hereinafter referred to as a DA client module), and thereby store instructions for performing client-side functions of the digital assistant and various user data 158 (e.g., user-customized vocabulary data, preference data, and other data such as the user's electronic address book).
  • the DA client module 157 may receive a user's voice input, text input, touch input, and/or gesture input through the various user interfaces (e.g., the I/O subsystem 140) provided in the identifier device 100.
  • the DA client module 157 may output audio-visual and tactile data.
  • the DA client module 157 may output data consisting of a combination of at least two of voice, sound, notification, text message, menu, graphic, video, animation, and vibration.
  • the DA client module 157 may communicate with a digital assistant server (not shown) using the communication subsystem 180 .
  • the DA client module 157 may collect additional information about the surrounding environment of the identifier device 100 from various sensors, subsystems, and peripheral devices to construct a context associated with the user input.
  • the DA client module 157 may infer the user's intention by providing context information together with the user's input to the digital assistant server.
  • the situational information that may accompany the user input may include sensor information, eg, lighting, ambient noise, ambient temperature, image of the surrounding environment, video, and the like.
  • the contextual information may include the physical state of the identifier device 100 (eg, device orientation, device location, device temperature, power level, speed, acceleration, motion pattern, cellular signal strength, etc.).
  • the context information may include information related to the state of the software of the identifier device 100 (e.g., processes running on the identifier device 100, installed programs, past and present network activity, background services, error logs, resource usage, etc.).
  • the memory 150 may include added or deleted commands, and the identifier device 100 may also include additional components other than those shown in FIG. 2 or may exclude some components.
  • the processor 120 may control the overall operation of the identifier device 100, and may execute various commands for implementing an interface for personal identification service by driving an application or program stored in the memory 150.
  • the processor 120 may correspond to an arithmetic device such as a central processing unit (CPU) or an application processor (AP).
  • the processor 120 may be implemented in the form of an integrated chip (IC) such as a System on Chip (SoC) in which various computing devices performing machine learning, such as a Neural Processing Unit (NPU), are integrated.
  • the processor 120 may homomorphically encrypt an image and obtain an identification result of a homomorphically encrypted user based on the homomorphic encryption, which will be described below with reference to FIGS. 3 to 5 .
  • FIGS. 4 and 5 are schematic diagrams for explaining a personal identification interface screen output to an identifier device according to an embodiment of the present invention.
  • the processor 120 may acquire first image data of the user (S110). For example, the processor 120 may acquire the user's image captured through the camera subsystem 170; when a vein distribution pattern rather than the user's image is used for personal identification, images of a finger or wrist may be obtained through the communication module 152 from a wearable device (not shown) carried by the individual user.
  • the processor 120 of the identifier device 100 may provide an interface screen for acquiring the user's first image data as shown in (a).
  • the interface screen may include a guideline 10 for obtaining a user's face image through the camera subsystem 170 and a user guide text 11 .
  • information on the location where the identifier device 100 is placed and time information for performing personal identification may be displayed together on the interface screen.
  • the processor 120 may obtain the user image through the camera subsystem 170 as shown in (b).
  • the processor 120 may homomorphically encrypt the entire image, but may also homomorphically encrypt feature points of the image according to a manager's setting. To this end, the processor 120 may extract feature data from the image. Specifically, the processor 120 may calculate the rate of change of pixel values along the horizontal/vertical positions of the image (image differentiation), perform edge detection and corner detection using these values, and acquire feature data (coordinate values of feature points) through methods such as an image histogram, a gradient histogram descriptor, FAST (Features from Accelerated Segment Test), SIFT (Scale-Invariant Feature Transform), or SURF (Speeded-Up Robust Features). Accordingly, for example, the processor 120 may extract the coordinate values of the user's eyes, nose, and mouth from the image, and may also extract RGB values for each pixel of the image.
  • since the data size of the RGB values for each pixel of the image may be excessively large depending on the size or resolution of the image, the processor 120 may, for example, use as the user's first image data only the RGB values at the pixels corresponding to a plurality of feature coordinate values.
  • the processor 120 may pre-process the user's first image data in order to reduce the burden of the homomorphic encryption operation. For example, the processor 120 may convert image data into positions using a pre-stored function in order to calculate a similarity between the first image data and the second image data to be compared.
  • the processor 120 may homomorphically encrypt the first image data (S120). Specifically, the processor 120 may homomorphically encrypt the first image data using an encryption key in which parameters for homomorphic encryption operation are reflected.
  • the processor 120 may homomorphically encrypt the first image data using any one of partial homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption.
  • the processor 120 may transmit the homomorphically encrypted first image data to the image calculation server 200 through the communication module 152 (S130).
  • the processor 120 may transmit to the image calculation server 200 an operation request including the homomorphically encrypted first image data and parameters used in the process of homomorphically encrypting the first image data.
  • parameters include the polynomial degree of a function used for homomorphic encryption operation, scale bits and coefficients specified for homomorphic encryption operation, and image attribute information (resolution, size).
  • the processor 120 may receive, from the image calculation server 200, a homomorphically encrypted identification result calculated based on the homomorphically encrypted first image data and pre-stored second image data of another user (S140).
  • the homomorphically encrypted identification result may be an identification result calculated based on the homomorphically encrypted first image data and the homomorphically encrypted second image data based on the parameters provided in step S130 .
  • the first and second image data may be computed in a homomorphic encrypted state using an encryption key to which the same parameters are reflected, and accordingly, the identification result computed by the image computation server 200 may be correctly decrypted.
  • the processor 120 may receive a pre-stored identification result with image data of one other user or identification result with image data of a plurality of other users according to an operation request.
  • the processor 120 may decrypt the homomorphically encrypted identification result (S150). Specifically, the processor 120 may output decrypted results of different types to the touch screen 143 according to the operation request. For example, the processor 120 may check an identification result of whether the user matches another designated user, or an identification result of whether the user is one of a plurality of users.
  • the processor 120 of the identifier device 100 may provide a notification 13 indicating whether or not the user is allowed access, according to whether the user matches any one of the plurality of access-permitted users, as shown in (a).
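The round trip described above (S110 to S150 on the identifier device, the encrypted distance calculation on the image calculation server), as an added example that is not the patent's own code: Paillier, an additively homomorphic scheme, is swapped in for the lattice-based scheme the page's parameters (polynomial degree, scale bits) point to, so the server works only on ciphertext/plaintext pairs and can never see a distance; the primes, grid cell size, feature coordinates, templates and match threshold are all constructed for the example.

```python
"""Toy end-to-end run of the page's identification flow: the identifier
device encrypts its grid-quantised feature coordinates, the image
calculation server computes the squared distance to each registered
user's plaintext template under encryption, and only the device decrypts.

Paillier stands in for the scheme implied by the page (constructed example);
key material, coordinates, templates and threshold are constructed values.
"""
from math import gcd
import secrets

# --- toy Paillier (constructed 14-bit primes; far too small for real use) ---
P, Q = 10007, 10009


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p=P, q=Q):
    """Return (public n, private (lambda, mu)) Paillier keys using g = n + 1."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    n2 = n * n
    # mu = (L(g^lambda mod n^2))^-1 mod n, with L(u) = (u - 1) // n
    u = pow(n + 1, lam, n2)
    mu = pow((u - 1) // n, -1, n)
    return n, (lam, mu)


def encrypt(n, m):
    """Encrypt integer m (taken mod n) with fresh randomness r."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    # (n+1)^m = 1 + m*n (mod n^2), so g^m needs no big exponentiation
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n) * mu % n


def add(n, c1, c2):
    """Enc(a) * Enc(b) = Enc(a + b)."""
    return c1 * c2 % (n * n)


def mul_plain(n, c, k):
    """Enc(a)^k = Enc(k * a); k may be negative (reduced mod n)."""
    return pow(c, k % n, n * n)


# --- identifier device side: quantise features, encrypt, build request ---
GRID = 8  # pixel size of one cell of the discretised grid (constructed)


def quantise(points, cell=GRID):
    """Map feature coordinates (eyes, nose, mouth corners) onto grid cells."""
    return [v // cell for xy in points for v in xy]


def make_request(n, points):
    """Request = Enc(x_i) for each quantised coordinate plus Enc(sum x_i^2).
    Sending the encrypted squared norm lets an additive scheme reach d^2."""
    x = quantise(points)
    return [encrypt(n, v) for v in x], encrypt(n, sum(v * v for v in x))


# --- image calculation server side: plaintext templates, encrypted d^2 ---
def encrypted_sq_distance(n, enc_x, enc_x_sq, template):
    """Enc(d^2) = Enc(sum x_i^2) + sum_i (-2 y_i) * Enc(x_i) + Enc(sum y_i^2).
    Only ciphertext-plaintext operations; the server never sees x or d^2."""
    y = quantise(template)
    assert len(y) == len(enc_x)
    acc = add(n, enc_x_sq, encrypt(n, sum(v * v for v in y)))
    for c, yi in zip(enc_x, y):
        acc = add(n, acc, mul_plain(n, c, -2 * yi))
    return acc


# --- worked run: one probe image against three registered users ---
PROBE = [(88, 96), (136, 96), (112, 128), (96, 160), (128, 160)]  # constructed
REGISTERED = {  # second image data pre-stored at the server (constructed)
    "user_a": [(90, 97), (135, 98), (113, 127), (97, 161), (129, 160)],
    "user_b": [(70, 80), (150, 82), (110, 130), (90, 170), (132, 172)],
    "user_c": [(96, 104), (144, 104), (112, 136), (96, 168), (128, 168)],
}
THRESHOLD = 2  # largest squared grid distance still counted as a match


def identify(probe=PROBE, registered=REGISTERED, threshold=THRESHOLD):
    """Full round trip; returns ({user: decrypted d^2}, [matching users])."""
    n, priv = keygen()
    enc_x, enc_x_sq = make_request(n, probe)                    # device -> server
    results = {u: encrypted_sq_distance(n, enc_x, enc_x_sq, t)
               for u, t in registered.items()}                 # server, blind
    dists = {u: decrypt(n, priv, c) for u, c in results.items()}  # device only
    return dists, sorted(u for u, d in dists.items() if d <= threshold)


if __name__ == "__main__":
    print(identify())  # ({'user_a': 2, 'user_b': 22, 'user_c': 7}, ['user_a'])
```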
  • the peripheral interface 130 may be connected to various sensors, subsystems, and peripheral devices to provide data so that the identifier device 100 can perform various functions.
  • that the identifier device 100 performs a certain function may be understood as being performed by the processor 120 .
  • the peripheral interface 130 may receive data from a motion sensor 160, a light sensor 161, and a proximity sensor 162, through which the identifier device 100 may perform orientation, light, and proximity sensing functions, etc.
  • the peripheral interface 130 may receive data from other sensors 163 (a positioning system/GPS receiver, a temperature sensor, a biometric sensor), through which the identifier device 100 may perform functions related to the other sensors 163.
  • the identifier device 100 may include a camera subsystem 170 coupled to the peripheral interface 130 and an optical sensor 171 coupled thereto, through which the identifier device 100 may perform various shooting functions such as taking pictures and recording video clips.
  • identifier device 100 may include a communication subsystem 180 coupled with peripheral interface 130 .
  • the communication subsystem 180 is composed of one or more wired/wireless networks, and may include various communication ports, radio frequency transceivers, and optical transceivers.
  • identifier device 100 includes an audio subsystem 190 coupled to peripheral interface 130, which audio subsystem 190 includes one or more speakers 191 and one or more microphones 192.
  • the identifier device 100 can perform voice-activated functions, such as voice recognition, voice replication, digital recording, and telephony functions.
  • identifier device 100 may include I/O subsystem 140 coupled with peripheral interface 130 .
  • the I/O subsystem 140 may control the touch screen 143 included in the identifier device 100 through the touch screen controller 141 .
  • the touch screen controller 141 may detect a user's touch and movement, or the cessation of touch and movement, using any one of a plurality of touch sensing technologies such as capacitive, resistive, infrared, surface acoustic wave, proximity sensor array, and the like.
  • I/O subsystem 140 may control other input/control devices 144 included in identifier device 100 via other input controller(s) 142 .
  • other input controller(s) 142 may control one or more buttons, rocker switches, thumb-wheels, infrared ports, USB ports, and pointer devices such as styluses and the like.
  • the identifier device 100 may request an operation using homomorphically encrypted image data from the image calculation server 200 in order to compare its own image data with the image data of another user; accordingly, the identity of the user can be quickly confirmed while protecting the user's portrait right.
  • FIG. 6 is a block diagram showing the configuration of an image calculation server that performs a homomorphic encryption calculation according to an embodiment of the present invention.
  • the image calculation server 200 may include a communication interface 210, a memory 220, an I/O interface 230, and a processor 240, and these components may communicate with each other through one or more communication buses or signal lines.
  • the communication interface 210 may be connected to a plurality of identifier devices 100 through a wired/wireless communication network to exchange data.
  • the communication interface 210 may receive from the identifier device 100 an operation request including homomorphically encrypted first image data and parameters for a homomorphic encryption operation, and may transmit the homomorphically encrypted identification result to the identifier device 100.
  • the communication interface 210 enabling the transmission and reception of such data includes a wired communication port 211 and a wireless circuit 212, where the wired communication port 211 may include one or more wired interfaces, for example Ethernet, Universal Serial Bus (USB), FireWire, and the like.
  • the wireless circuit 212 may transmit/receive data with an external device through an RF signal or an optical signal.
  • wireless communication may use at least one of a plurality of communication standards, protocols and technologies, such as GSM, EDGE, CDMA, TDMA, Bluetooth, Wi-Fi, VoIP, Wi-MAX, or any other suitable communication protocol.
  • the memory 220 may store various data used in the image calculation server 200 .
  • the memory 220 may store second image data (a user image, or feature data such as coordinate values and RGB values extracted from the user image) for a plurality of users, functions for converting such data into a form capable of homomorphic encryption, algorithms for homomorphic encryption, etc.
  • the memory 220 may include volatile or non-volatile recording media capable of storing various data, commands, and information.
  • the memory 220 may include at least one type of storage medium among a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (e.g., SD or XD memory), RAM, SRAM, ROM, EEPROM, PROM, network storage, cloud storage, and a blockchain database.
  • the memory 220 may store configurations of at least one of the operating system 221 , the communication module 222 , the user interface module 223 , and one or more applications 224 .
  • the operating system 221 (e.g., an embedded operating system such as LINUX, UNIX, MAC OS, WINDOWS, VxWorks, etc.) may handle general system tasks (e.g., memory management, storage device control, power management, etc.).
  • the communication module 223 may support communication with other devices through the communication interface 210 .
  • the communication module 220 may include various software components for processing data received by the wired communication port 211 or the wireless circuit 212 of the communication interface 210 .
  • the user interface module 223 may receive a user's request or input from a keyboard, touch screen, microphone, etc. through the I/O interface 230 and provide a user interface on a display.
  • Applications 224 may include programs or modules configured to be executed by one or more processors 230 .
  • an application for computing image data may be implemented on a server farm.
  • the I/O interface 230 may connect at least one of an input/output device (not shown) of the image calculation server 200, for example, a display, a keyboard, a touch screen, and a microphone, to the user interface module 223.
  • the I/O interface 230 may receive user input (eg, voice input, keyboard input, touch input, etc.) together with the user interface module 223 and process a command according to the received input.
  • the processor 240 is connected to the communication interface 210, the memory 220, and the I/O interface 230 to control overall operations of the image calculation server 200, and may execute various commands for processing homomorphically encrypted data through applications or programs stored in the memory 220.
  • the processor 240 may correspond to an arithmetic device such as a central processing unit (CPU) or an application processor (AP).
  • the processor 240 may be implemented in the form of an integrated chip (IC) such as a System on Chip (SoC) in which various computing devices are integrated.
  • the processor 240 may include a module for calculating an artificial neural network model, such as a Neural Processing Unit (NPU).
  • the processor 240 may provide a service for identifying a user in a state in which the user's personal information is not exposed, which will be described below with reference to FIG. 7 .
  • FIG. 7 is a flowchart of a personal identification method of an image calculation server according to an embodiment of the present invention.
  • the processor 240 may receive an operation request including homomorphically encrypted first image data of the user from the identifier device 100 through the communication interface 210 (S210).
  • the operation request may include the parameter for the homomorphic encryption operation that was used to homomorphically encrypt the first image data and the feature data extracted from the first image.
  • the processor 240 may acquire pre-stored second image data of another user according to the operation request (S220). The processor 240 determines whether the operation request concerns the second image data of one other user or the second image data of a plurality of other users, and loads the corresponding second image data stored in the memory 220.
  • the processor 240 may homomorphically encrypt another user's second image data stored in the memory 220 using an encryption key in which the same parameter of the homomorphically encrypted first image data is reflected.
  • the processor 240 may homomorphically encrypt second image data of one other user stored in the memory 220 or homomorphically encrypt second image data of a plurality of other users stored in the memory 220 according to an operation request.
  • the processor 240 may perform homomorphic encryption using any one of partial homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption.
  • the processor 240 may acquire the previously stored second image data of another user and may not perform homomorphic encryption.
  • the processor 240 may calculate a homomorphically encrypted identification result based on the homomorphically encrypted first image data and the second image data (S230). Specifically, the processor 240 may calculate the similarity between the two image data (the image identification result) by operating on them with a distance similarity calculation method (e.g., a Euclidean distance measurement method, a Minkowski distance measurement method, a cosine similarity calculation method, a mean squared difference similarity calculation method, a Pearson similarity calculation method, or the like).
  • the processor 240 may determine a first position corresponding to the homomorphically encrypted first image data and a second position corresponding to the second image data. For example, the processor 240 may determine a location corresponding to each image data as a real number value or a location vector using a hexagonal hierarchical spatial index (H3) system.
  • the processor 240 may obtain a value corresponding to an identification result by calculating the distance value between the first location and the second location using the aforementioned distance similarity calculation method. For example, when the calculated distance value falls within a predetermined distance range, the processor 240 may calculate a homomorphically encrypted identification result indicating that the two image data are similar; when the calculated distance value falls outside the predetermined distance range, it may calculate a homomorphically encrypted identification result indicating that the two image data are not similar.
  • the processor 240 may calculate an encrypted identification result based on the homomorphically encrypted first image data and the second image data of one or more other users, according to the type of operation request.
  • the processor 240 cannot determine a similarity result between the two image data.
  • the processor 240 may transmit the homomorphically encrypted identification result to the identifier device 100 (S240).
  • the homomorphically encrypted identification result can be decrypted by the identifier device 100; accordingly, the processor 240 may compare the user's image with the images of a plurality of other users stored in the memory 220 and calculate and provide an identification result to the identifier device 100 without ever acquiring the user's image in a format such as jpg, png, or pdf.
  • the image calculation server 200 according to an embodiment of the present invention has been described above.
  • a user's own image is homomorphically encrypted and decrypted while stored in the user's own secure device, and the image calculation server 200 delivers only the homomorphically encrypted calculation result, thereby minimizing the risk involved in processing sensitive information.
  • FIGS. 8 and 9 are schematic flowcharts of a data identification method according to an embodiment of the present invention.
  • the identifier device 100 may acquire an image of a user (S10), optionally extract feature data from the image (S11), and homomorphically encrypt the image or the feature data (the first image data) (S12).
  • the identifier device 100 may transmit parameters for homomorphic encryption calculation to the image calculation server 200 together with the homomorphically encrypted first image data.
  • the parameter for the homomorphic encryption operation may be a parameter applied to an encryption key of the homomorphically encrypted first image data.
  • the image calculation server 200 may homomorphically encrypt previously stored second image data using the parameters (S14), and calculate a homomorphically encrypted identification result based on the homomorphically encrypted first and second image data (S15) (that is, it can operate on homomorphically encrypted data). Specifically, the image calculation server 200 may determine locations corresponding to the homomorphically encrypted image data, calculate a distance between the locations by performing calculations between the homomorphically encrypted data, and obtain a value corresponding to the identification result.
  • the image calculation server 200 may perform the comparison operation between the plaintext second image data and the homomorphically encrypted first image data without encrypting the previously stored second image data.
  • the image calculation server 200 transmits the encrypted calculation result to the identifier device 100 (S16), the identifier device 100 decrypts the calculation result (S17), and outputs the decrypted result on the display screen (S18).
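The server-side procedure (S210 to S240) and the S12 to S18 flow above, carried out with a toy Paillier scheme, as an added example that is not part of the patent or the applicant's implementation. Paillier is the "partial homomorphic encryption" option the description allows: the server can add ciphertexts and multiply them by plaintext constants, which is enough to compute an encrypted squared Euclidean distance between the device's encrypted feature vector (first image data) and each enrolled plaintext vector (second image data) while holding only the public key. Because a partially homomorphic scheme cannot evaluate the threshold comparison, the "within the predetermined distance range" decision is taken on the device after decryption rather than on the server; the key size, function names, and the sample feature vectors are constructed for the example.

```python
"""Added example: Paillier-based encrypted feature-vector comparison.
Device encrypts its feature vector, server computes the encrypted squared
distance to each enrolled vector, device decrypts and applies the threshold."""
import math
import random


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test (adequate for a toy key)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


class PaillierPublicKey:
    """Additively homomorphic Paillier public key with g = n + 1."""
    def __init__(self, n):
        self.n, self.n2 = n, n * n

    def encrypt(self, m):
        r = random.randrange(1, self.n)
        # (1 + n)^m = 1 + m*n (mod n^2), so g^m needs no exponentiation
        return (1 + (m % self.n) * self.n) * pow(r, self.n, self.n2) % self.n2

    def add(self, c1, c2):          # Enc(a) * Enc(b) = Enc(a + b)
        return c1 * c2 % self.n2

    def mul_const(self, c, k):      # Enc(a)^k = Enc(k * a); k may be negative
        return pow(c, k % self.n, self.n2)


class PaillierPrivateKey:
    def __init__(self, pub, lam, mu):
        self.pub, self.lam, self.mu = pub, lam, mu

    def decrypt(self, c):
        n = self.pub.n
        u = pow(c, self.lam, self.pub.n2)
        m = ((u - 1) // n) * self.mu % n
        return m - n if m > n // 2 else m   # decode signed values


def keygen(bits=256):
    p = _random_prime(bits)
    q = _random_prime(bits)
    while q == p:
        q = _random_prime(bits)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    pub = PaillierPublicKey(n)
    mu = pow((pow(n + 1, lam, pub.n2) - 1) // n, -1, n)
    return pub, PaillierPrivateKey(pub, lam, mu)


# identifier device side (S12/S13): encrypt the first image data
def encrypt_features(pub, x):
    """Per-coordinate ciphertexts plus an encrypted squared norm of x."""
    return {"coords": [pub.encrypt(v) for v in x],
            "sq_norm": pub.encrypt(sum(v * v for v in x))}


# image calculation server side (S14/S15): operate on ciphertexts only
def encrypted_sq_distance(pub, enc_x, y):
    """Enc(sum (x_i - y_i)^2) = Enc(|x|^2) * prod Enc(x_i)^(-2 y_i) * Enc(|y|^2).
    The server holds the public key and the plaintext enrolled vector y only."""
    acc = enc_x["sq_norm"]
    for c_xi, yi in zip(enc_x["coords"], y):
        acc = pub.add(acc, pub.mul_const(c_xi, -2 * yi))
    # second image data encrypted under the same parameters (S14)
    return pub.add(acc, pub.encrypt(sum(v * v for v in y)))


def sq_distance_plain(x, y):
    """Reference computation used to check the encrypted result."""
    return sum((a - b) ** 2 for a, b in zip(x, y))


# identifier device side (S17/S18): decrypt and apply the distance threshold
def identify(pub, priv, x, enrolled, threshold):
    """Return {name: matched}; only distances leave the encrypted domain."""
    enc_x = encrypt_features(pub, x)
    return {name: priv.decrypt(encrypted_sq_distance(pub, enc_x, y)) <= threshold
            for name, y in enrolled.items()}


if __name__ == "__main__":
    pub, priv = keygen()
    probe = [10, 20, 30, 40]   # constructed feature vector, not real image data
    enrolled = {"alice": [11, 19, 30, 42], "bob": [50, 5, 3, 1]}
    print(identify(pub, priv, probe, enrolled, threshold=25))
```

The point to note for a deployment is what each party learns: the server sees ciphertexts and enrolled plaintext vectors but never the probe, and the device learns one distance per enrolled user rather than the enrolled vectors. A scheme that also supports ciphertext-ciphertext multiplication (the "somewhat" or "fully" homomorphic options in the description) would let the server return an encrypted match flag instead of the raw distance, which is the behaviour S230 describes.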
  • calculation between homomorphic encrypted data may be performed in the identifier device 100 in the same manner as in the image calculation server 200 .
  • steps S20 to S21 are the same as before, but the identifier device 100 may selectively perform homomorphic encryption on the image or feature data (S22).
  • the identifier device 100 may transmit a data identification request including parameters for the homomorphic encryption operation to the image calculation server 200 (S23).
  • the image calculation server 200 may homomorphically encrypt a plurality of pre-stored second image data using the same parameters as those previously received and transmit them to the identifier device 100 according to the data identification request.
  • the identifier device 100 may calculate a homomorphically encrypted identification result based on the homomorphically encrypted first and second image data (S25) (that is, it can operate on homomorphically encrypted data).
  • the identifier device 100 may transmit the encrypted calculation result to the image calculation server 200 (S26), and the image calculation server 200 may decrypt the calculation result and transmit it back (S27).
  • the identifier device 100 may output the decrypted result (S28); the result may be, for example, whether or not the image of the user matches that of another user, together with the user's identification information.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Image Analysis (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The present invention relates to a personal identification method using a homomorphically encrypted image, the method comprising the steps of: obtaining first image data of a user; homomorphically encrypting the first image data; transmitting the homomorphically encrypted first image data to an image calculation server; receiving from the image calculation server a homomorphically encrypted identification result calculated on the basis of the homomorphically encrypted first image data and pre-stored second image data of another user; and decrypting the homomorphically encrypted identification result.
PCT/KR2022/019485 2021-12-30 2022-12-02 Personal identification method and system using a homomorphically encrypted image WO2023128345A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2021-0192467 2021-12-30
KR1020210192467A KR102404763B1 (ko) 2021-12-30 2021-12-30 Personal identification method and system using a homomorphically encrypted image

Publications (1)

Publication Number Publication Date
WO2023128345A1 true WO2023128345A1 (fr) 2023-07-06

Family

ID=81985536

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/019485 WO2023128345A1 (fr) 2021-12-30 2022-12-02 Personal identification method and system using a homomorphically encrypted image

Country Status (2)

Country Link
KR (1) KR102404763B1 (fr)
WO (1) WO2023128345A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117201698A (zh) * 2023-11-07 2023-12-08 北京隐算科技有限公司 A secure and efficient image recognition method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102404763B1 (ko) * 2021-12-30 2022-06-02 주식회사 디사일로 Personal identification method and system using a homomorphically encrypted image
KR102619059B1 (ko) 2022-11-23 2024-01-02 이병진 Homomorphic-encryption-based data encryption and de-identification system for homomorphically encrypted data, and machine-learning-based face de-identification method applying fully homomorphic encryption

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101755995B1 (ko) * 2016-03-16 2017-07-10 인하대학교 산학협력단 Feature-vector-based remote biometric authentication method and system using homomorphic encryption
CN110011954A (zh) * 2018-11-27 2019-07-12 阿里巴巴集团控股有限公司 Biometric identification method, apparatus, terminal and service server based on homomorphic encryption
US20190220866A1 (en) * 2018-01-12 2019-07-18 Visa International Service Association Authentication Based on Biometric Identification Parameter of an Individual for Payment Transaction
KR20190085674A (ko) * 2018-01-11 2019-07-19 삼성전자주식회사 Electronic device, server, and control method thereof
US20200358611A1 (en) * 2019-05-06 2020-11-12 Inferati Inc. Accurate, real-time and secure privacy-preserving verification of biometrics or other sensitive information
KR102404763B1 (ko) * 2021-12-30 2022-06-02 주식회사 디사일로 Personal identification method and system using a homomorphically encrypted image

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117201698A (zh) * 2023-11-07 2023-12-08 北京隐算科技有限公司 A secure and efficient image recognition method
CN117201698B (zh) * 2023-11-07 2024-01-12 北京隐算科技有限公司 A secure and efficient image recognition method

Also Published As

Publication number Publication date
KR102404763B1 (ko) 2022-06-02

Similar Documents

Publication Publication Date Title
WO2023128345A1 (fr) Personal identification method and system using a homomorphically encrypted image
WO2023128342A1 (fr) Method and system for identifying an individual using a homomorphically encrypted voice
WO2015126135A1 (fr) Method and apparatus for processing biometric information in an electronic device
WO2019144738A1 (fr) Financial service verification method, apparatus and device, and computer storage medium
WO2021085799A1 (fr) Electronic device for performing user authentication using user biometric information and operating method thereof
EP3707628A1 (fr) Electronic device for user authentication using an audio signal and associated method
WO2020036311A1 (fr) Method and device for content generation
WO2016036115A1 (fr) Electronic device and re-registration management method
WO2016204466A1 (fr) User authentication method and electronic device supporting same
WO2013125910A1 (fr) Method and system for authenticating a user of a mobile device via hybrid biometric information
WO2019139420A1 (fr) Electronic device, server and associated control method
WO2023128341A1 (fr) Method and system for detecting fraudulent transactions using homomorphically encrypted data
WO2012053875A2 (fr) Apparatus and system for transmitting and receiving data via fingerprint information
WO2020184987A1 (fr) Electronic device comprising a secure integrated circuit
WO2018080198A1 (fr) Electronic device and method for performing authentication
WO2018169150A1 (fr) Lock-screen-based user authentication system and method
WO2020032351A1 (fr) Method for establishing an anonymous digital identity
WO2020190099A1 (fr) Electronic device for managing personal information and operating method thereof
WO2022146026A1 (fr) Method for processing protected data and electronic device supporting same
WO2017200239A2 (fr) Method and apparatus for user authentication based on a touch input comprising fingerprint information
WO2020235733A1 (fr) Device and method for authenticating a user and obtaining a user signature using the user's biometrics
WO2019147105A1 (fr) Electronic device, external electronic device and system comprising same
WO2020189811A1 (fr) Electronic device and associated control method
WO2021157880A1 (fr) Electronic device and data processing method
WO2023128340A1 (fr) Method and system for processing homomorphically encrypted data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22916491

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE