CN115100715A

CN115100715A - Biological information identification method and device

Info

Publication number: CN115100715A
Application number: CN202210749718.5A
Authority: CN
Inventors: 王琪; 周雍恺
Original assignee: China Unionpay Co Ltd
Current assignee: China Unionpay Co Ltd
Priority date: 2022-06-28
Filing date: 2022-06-28
Publication date: 2022-09-23
Anticipated expiration: 2042-06-28
Also published as: CN115100715B

Abstract

The embodiment of the application provides a biological information identification method and a device, which relate to the technical field of computers, and the method comprises the following steps: the method comprises the steps of dividing a reference feature vector of reference biological information into a plurality of feature vector fragments and storing the plurality of feature vector fragments in a plurality of identification backgrounds respectively, so that any one identification background cannot restore the whole reference feature vector based on one stored feature vector fragment to identify the biological information, and the safety of feature vector information storage is guaranteed. Secondly, each recognition background independently calculates the characteristic distance between the local characteristic vector fragment and the target characteristic vector of the biological information to be recognized based on a homomorphic encryption operation mode, and then the characteristic distances are gathered to one recognition background to be calculated to realize biological information recognition, so that calculation in a ciphertext state is realized, the calculation safety is ensured, the communication round and the communication traffic are reduced, the calculation performance is improved, and the communication resource consumption is reduced.

Description

Biometric information identification method and device

技术领域technical field

本申请实施例涉及计算机技术领域，尤其涉及一种生物信息识别方法及装置。The embodiments of the present application relate to the field of computer technologies, and in particular, to a method and device for identifying biological information.

背景技术Background technique

在生物特征识别场景(比如人脸识别场景)中，采用欧氏距离和余弦距离来衡量生物信息的特征距离，进而判别是否为同一生物对象。相关技术中，在进行生物特征识别时，采用明文数据或原图数据的形式存储生物信息，然后通过计算明文数据或原图数据形式的生物信息之间的特征距离，来判别是否为同一生物对象。In a biometric recognition scene (such as a face recognition scene), the Euclidean distance and the cosine distance are used to measure the characteristic distance of biological information, and then to determine whether it is the same biological object. In the related art, when performing biometric identification, the biological information is stored in the form of plaintext data or original image data, and then it is determined whether it is the same biological object by calculating the characteristic distance between the biological information in the form of plaintext data or original image data. .

然而，采用上述方式进行生物信息的存储和比对时，存在生物信息泄漏的风险，从而影响数据的安全性。However, when biometric information is stored and compared in the above manner, there is a risk of biometric information leakage, thereby affecting data security.

发明内容SUMMARY OF THE INVENTION

本申请实施例提供了一种生物信息识别方法及装置，用于提高生物信息数据的安全性。Embodiments of the present application provide a method and device for identifying biological information, which are used to improve the security of biological information data.

一方面，本申请实施例提供了一种生物信息识别方法，应用于安全计算系统中的每个识别平台，包括：On the one hand, an embodiment of the present application provides a biometric information identification method, which is applied to each identification platform in a secure computing system, including:

获取待识别生物信息的目标特征向量，以及从向量分片库中获取至少一个参考生物标识对应的本地特征向量分片；Obtain the target feature vector of the biological information to be identified, and obtain the local feature vector fragment corresponding to at least one reference biological identifier from the vector fragment library;

针对每个参考生物标识，确定相应的本地特征向量分片与所述目标特征向量之间的特征距离，以及向保存有相应的其他特征向量分片的至少一个其他识别平台发送所述目标特征向量，并接收所述至少一个其他识别平台发送的所述目标特征向量与保存的其他特征向量分片之间的特征距离；For each reference biological identifier, determine the feature distance between the corresponding local feature vector fragment and the target feature vector, and send the target feature vector to at least one other identification platform that stores the corresponding other feature vector fragments , and receive the feature distance between the target feature vector sent by the at least one other identification platform and the other feature vector fragments saved;

基于获得的多个特征距离，确定所述待识别生物信息的识别结果。Based on the obtained multiple characteristic distances, a recognition result of the biological information to be recognized is determined.

一方面，本申请实施例提供了一种生物信息识别装置，应用于安全计算系统中的每个识别平台，包括：On the one hand, an embodiment of the present application provides a biometric information identification device, which is applied to each identification platform in a secure computing system, including:

获取模块，包括获取待识别生物信息的目标特征向量，以及从向量分片库中获取至少一个参考生物标识对应的本地特征向量分片；an acquisition module, including acquiring a target feature vector of the biological information to be identified, and acquiring a local feature vector fragment corresponding to at least one reference biological identifier from the vector fragment library;

处理模块，用于针对每个参考生物标识，确定相应的本地特征向量分片与所述目标特征向量之间的特征距离，以及向保存有相应的其他特征向量分片的至少一个其他识别平台发送所述目标特征向量，并接收所述至少一个其他识别平台发送的所述目标特征向量与保存的其他特征向量分片之间的特征距离；The processing module is used to determine the feature distance between the corresponding local feature vector fragment and the target feature vector for each reference biological identifier, and send to at least one other identification platform that stores the corresponding other feature vector fragments the target feature vector, and receive the feature distance between the target feature vector sent by the at least one other identification platform and the other feature vector fragments saved;

识别模块，用于基于获得的多个特征距离，确定所述待识别生物信息的识别结果。The identification module is configured to determine the identification result of the biological information to be identified based on the obtained multiple characteristic distances.

可选地，所述处理模块还用于：Optionally, the processing module is also used for:

获取待识别生物信息的目标特征向量之前，针对每个参考生物标识，获取所述参考生物标识对应的参考生物信息，并对所述参考生物信息进行特征提取，获取参考特征向量；Before obtaining the target feature vector of the biological information to be identified, for each reference biological marker, obtain the reference biological information corresponding to the reference biological marker, and perform feature extraction on the reference biological information to obtain the reference feature vector;

将所述参考特征向量划分为多个特征向量分片；dividing the reference feature vector into a plurality of feature vector slices;

将所述多个特征向量分片中的一个特征向量分片作为本地特征向量分片进行保存，将所述多个特征向量分片中的至少一个其他特征向量分片分别发送至相应的其他识别平台进行保存。One feature vector fragment in the plurality of feature vector fragments is stored as a local feature vector fragment, and at least one other feature vector fragment in the plurality of feature vector fragments is sent to the corresponding other identification. platform to save.

获取用于保存所述多个特征向量分片的多个识别平台的设备信息；Acquiring device information of multiple identification platforms for saving the multiple feature vector fragments;

保存所述参考生物标识和所述多个识别平台的设备信息；saving the reference biomarker and device information of the plurality of identification platforms;

针对每个其他识别平台，将所述参考生物标识和所述多个识别平台的设备信息发送至所述其他识别平台进行保存。For each other identification platform, the reference biological identifier and the device information of the multiple identification platforms are sent to the other identification platforms for storage.

可选地，所述多个特征向量分片为明文形式的或者同态加密后的特征向量分片，所述目标特征向量为明文形式的或者同态加密后的特征向量。Optionally, the plurality of feature vector fragments are in plaintext or after homomorphic encryption, and the target feature vector is in plaintext or after homomorphic encryption.

可选地所述待识别生物信息与目标生物标识对应；Optionally, the biological information to be identified corresponds to the target biological identifier;

所述获取模块具体用于：The acquisition module is specifically used for:

从所述向量分片库中获取与所述目标生物标识匹配的一个参考生物标识对应的本地特征向量分片。A local feature vector fragment corresponding to a reference biological identifier matching the target biological identifier is obtained from the vector fragment library.

可选地，所述识别模块具体用于：Optionally, the identification module is specifically used for:

基于获得的多个特征距离，确定所述目标特征向量与所述一个参考生物标识对应的参考特征向量之间的目标特征距离；Determine the target feature distance between the target feature vector and the reference feature vector corresponding to the one reference biomarker based on the obtained multiple feature distances;

若所述目标特征距离小于距离阈值，则确定所述待识别生物信息的识别结果为验证通过；If the target feature distance is less than the distance threshold, it is determined that the identification result of the biological information to be identified is verified as passed;

若所述目标特征距离大于等于距离阈值，则确定所述待识别生物信息的识别结果为验证不通过。If the target feature distance is greater than or equal to the distance threshold, it is determined that the identification result of the biological information to be identified is that the verification fails.

对获得的多个特征距离进行同态加法运算，获得所述目标特征向量与所述一个参考生物标识对应的参考特征向量之间的候选特征距离；Homomorphic addition is performed on the obtained multiple feature distances to obtain candidate feature distances between the target feature vector and the reference feature vector corresponding to the one reference biological identifier;

采用同态加密私钥对所述候选特征距离进行解密，获得所述目标特征距离。The candidate feature distance is decrypted using a homomorphic encryption private key to obtain the target feature distance.

可选地，所述向量分片库中包括多个参考生物标识各自对应的本地特征向量分片；Optionally, the vector fragment library includes local feature vector fragments corresponding to multiple reference biological identifiers;

可选地，所述获取模块具体用于：Optionally, the obtaining module is specifically used for:

从所述向量分片库获取所述多个参考生物标识各自对应的本地特征向量分片。The respective corresponding local feature vector fragments of the multiple reference biological identifiers are acquired from the vector fragment library.

针对所述多个参考生物标识中的每个参考生物标识，基于所述参考生物标识关联的多个特征距离，确定所述目标特征向量与所述参考生物标识对应的参考特征向量之间的目标特征距离；For each reference biomarker in the multiple reference biomarkers, determine a target between the target feature vector and the reference feature vector corresponding to the reference biomarker based on multiple feature distances associated with the reference biomarker feature distance;

从获得的多个目标特征距离中，确定最小特征距离；From the obtained multiple target feature distances, determine the minimum feature distance;

若所述最小特征距离小于距离阈值，则确定所述待识别生物信息的识别结果为验证通过；If the minimum characteristic distance is less than the distance threshold, then determine that the identification result of the biological information to be identified is verified as passed;

若所述最小特征距离大于等于距离阈值，则确定所述待识别生物信息的识别结果为验证不通过。If the minimum characteristic distance is greater than or equal to the distance threshold, it is determined that the identification result of the biological information to be identified is that the verification fails.

一方面，本申请实施例提供了一种计算机设备，包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序，所述处理器执行所述程序时实现上述图像处理方法的步骤。On the one hand, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored in the memory and running on the processor, the processor implementing the above image processing method when the program is executed. step.

一方面，本申请实施例提供了一种计算机可读存储介质，其存储有可由计算机设备执行的计算机程序，当所述程序在计算机设备上运行时，使得所述计算机设备执行上述生物信息识别方法的步骤。On the one hand, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program that can be executed by a computer device, and when the program runs on the computer device, causes the computer device to execute the above-mentioned biometric information identification method A step of.

一方面，本申请实施例提供了一种计算机程序产品，所述计算机程序产品包括存储在计算机可读存储介质上的计算机程序，所述计算机程序包括程序指令，当所述程序指令被计算机设备执行时，使所述计算机设备执行上述生物信息识别方法的步骤。In one aspect, an embodiment of the present application provides a computer program product, the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer device At the time, the computer device is made to execute the steps of the above-mentioned biometric information identification method.

本申请实施例中，将一个参考生物信息的参考特征向量划分为多个特征向量分片并将多个特征向量分片分别保存在多个识别后台中，这样使得任意一个识别后台需要借助其他识别平台中保存的特征向量分片才能完成生物信息识别，每个识别后台均无法基于本地保存的一个特征向量分片还原整个参考特征向量，从而保证了特征向量信息存储的安全性。其次，每个识别后台基于同态加密的运算方式计算本地特征向量分片与待识别生物信息的目标特征向量的特征距离，实现了在密文状态下的计算，保证了计算的安全性。另外，每个识别后台独立计算本地特征向量分片与目标特征向量的特征距离，再将计算结果汇总至一个识别后台，相较于多方安全计算的数据交互来说，大大降低了通信轮次和通信量，从而提升了计算的性能，也降低了通信资源消耗。In the embodiment of the present application, a reference feature vector of reference biological information is divided into multiple feature vector slices, and the multiple feature vector slices are respectively stored in multiple identification backgrounds, so that any identification background needs to use other identification The biometric identification can only be completed by the feature vector shards saved in the platform. Each recognition background cannot restore the entire reference feature vector based on a feature vector shard saved locally, thus ensuring the security of feature vector information storage. Secondly, each identification background calculates the feature distance between the local feature vector fragment and the target feature vector of the biological information to be identified based on the operation method of homomorphic encryption, which realizes the calculation in the ciphertext state and ensures the security of the calculation. In addition, each recognition background independently calculates the feature distance between the local feature vector fragment and the target feature vector, and then aggregates the calculation results into one recognition background, which greatly reduces the number of communication rounds and Therefore, the performance of computing is improved and the consumption of communication resources is reduced.

附图说明Description of drawings

为了更清楚地说明本发明实施例中的技术方案，下面将对实施例描述中所需要使用的附图作简要介绍，显而易见地，下面描述中的附图仅仅是本发明的一些实施例，对于本领域的普通技术人员来讲，在不付出创造性劳动性的前提下，还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

图1为本申请实施例提供的一种系统架构的结构示意图；FIG. 1 is a schematic structural diagram of a system architecture provided by an embodiment of the present application;

图2为本申请实施例提供的一种生物信息识别方法的流程示意图；2 is a schematic flowchart of a biological information identification method provided by an embodiment of the present application;

图3为本申请实施例提供的一种特征向量分片方法的流程示意图；3 is a schematic flowchart of a feature vector fragmentation method provided by an embodiment of the present application;

图4为本申请实施例提供的一种生物信息识别方法的流程示意图；4 is a schematic flowchart of a biological information identification method provided by an embodiment of the present application;

图5为本申请实施例提供的一种生物信息识别方法的流程示意图；5 is a schematic flowchart of a biological information identification method provided by an embodiment of the present application;

图6为本申请实施例提供的一种生物信息识别装置的结构示意图；FIG. 6 is a schematic structural diagram of a biometric information identification device provided by an embodiment of the present application;

图7为本申请实施例提供的一种计算机设备的结构示意图。FIG. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.

具体实施方式Detailed ways

为了使本发明的目的、技术方案及有益效果更加清楚明白，以下结合附图及实施例，对本发明进行进一步详细说明。应当理解，此处所描述的具体实施例仅仅用以解释本发明，并不用于限定本发明。In order to make the objectives, technical solutions and beneficial effects of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

参考图1，其为本申请实施例适用的一种多方安全计算的系统架构图，该系统架构包括多个终端和多个识别平台，所述多个终端包括终端101～1、终端101～2、…、终端101～N，多个识别平台包括识别平台102～1、识别平台102～2、…、识别平台102～N，其中，终端101～1对应识别平台102～1，终端101～2对应识别平台102～2，…，终端101～N对应识别平台102～N，其中，N为大于0的整数。每个识别平台中包括业务系统、特征提取模块、特征比对模块、向量分片库。Referring to FIG. 1 , which is a system architecture diagram of a multi-party secure computing applicable to an embodiment of the application, the system architecture includes multiple terminals and multiple identification platforms, and the multiple terminals include terminals 101-1 and terminals 101-2 , . Corresponding to the identification platforms 102-2, ..., the terminals 101-N correspond to the identification platforms 102-N, wherein N is an integer greater than 0. Each recognition platform includes a business system, a feature extraction module, a feature comparison module, and a vector fragmentation library.

终端预先安装需要进行生物特征识别的目标应用，比如，支付应用、即时通信应用、视频应用、购物应用等。每个终端设备具备采集生物信息的功能，其中，生物信息包括但不限于人脸信息、指纹信息、虹膜信息。终端可以是智能手机、平板电脑、笔记本电脑、台式计算机、智能家电、智能语音交互设备、智能车载设备等，但并不局限于此。The terminal is pre-installed with target applications that require biometric identification, such as payment applications, instant messaging applications, video applications, shopping applications, and the like. Each terminal device has the function of collecting biological information, wherein the biological information includes but is not limited to face information, fingerprint information, and iris information. The terminal may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart home appliance, a smart voice interaction device, a smart vehicle-mounted device, etc., but is not limited thereto.

识别平台是目标应用的后台服务器，不同识别平台对应的目标应用不同，识别平台可以是独立的物理服务器，也可以是多个物理服务器构成的服务器集群或者分布式系统，还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网络(Content Delivery Network，CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。终端与识别平台可以通过有线或无线通信方式进行直接或间接地连接，任意两个识别平台之间通过有线或无线通信方式进行直接或间接地连接，本申请在此不做限制。The identification platform is the background server of the target application. Different identification platforms correspond to different target applications. The identification platform can be an independent physical server, a server cluster or a distributed system composed of multiple physical servers, or it can provide cloud services, Cloud database, cloud computing, cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content delivery network (CDN), and basic cloud computing such as big data and artificial intelligence platform service cloud server. The terminal and the identification platform may be directly or indirectly connected through wired or wireless communication, and any two identification platforms may be directly or indirectly connected through wired or wireless communication, which is not limited in this application.

在实际应用中，本申请实施例中的生物信息识别方法可以应用于支付场景、登陆场景、身份验证场景等。In practical applications, the biometric information identification method in the embodiments of the present application can be applied to payment scenarios, login scenarios, identity verification scenarios, and the like.

可以理解的是，在本申请的具体实施方式中，涉及到人脸信息、指纹信息、虹膜信息等相关的生物信息数据，当本申请中的实施例运用到具体产品或技术中时，需要获得用户许可或者同意，且相关数据的收集、使用和处理需要遵守相关国家和地区的相关法律法规和标准。It can be understood that, in the specific implementation of this application, related biological information data such as face information, fingerprint information, iris information, etc. are involved. When the embodiments in this application are applied to specific products or technologies, it is necessary to obtain User permission or consent, and the collection, use and processing of relevant data need to comply with relevant laws, regulations and standards of relevant countries and regions.

基于图1所示的系统架构图，本申请实施例提供了一种生物信息识别方法的流程，如图2所示，该方法的流程由计算机设备执行，该计算机设备可以是图1所示的任意一个识别平台，包括以下步骤：Based on the system architecture diagram shown in FIG. 1 , an embodiment of the present application provides a flow of a method for identifying biological information. As shown in FIG. 2 , the flow of the method is executed by a computer device, and the computer device may be the one shown in FIG. 1 . Any identification platform, including the following steps:

步骤S201，获取待识别生物信息的目标特征向量，以及从向量分片库中获取至少一个参考生物标识对应的本地特征向量分片。Step S201 , acquiring a target feature vector of the biological information to be identified, and acquiring a local feature vector fragment corresponding to at least one reference biological identifier from a vector fragment library.

具体地，生物信息包括但不限于人脸信息、指纹信息和虹膜信息；生物标识可以是唯一标识生物信息的标识，具体可以是名称、唯一编号等，比如用户ID。每个识别平台中都包含一个向量分片库。以一个识别平台举例来说，向量分片库中的本地特征向量分片可以是该识别平台对参考特征向量分片后获得的，也可以是任意一个其他识别平台对参考特征向量分片后发送的。Specifically, the biological information includes but is not limited to face information, fingerprint information and iris information; the biological identifier may be an identifier that uniquely identifies the biological information, specifically a name, a unique number, etc., such as a user ID. A vector sharding library is included in each recognition platform. Taking a recognition platform as an example, the local feature vector fragments in the vector fragment library can be obtained by the recognition platform after fragmenting the reference feature vector, or it can be sent by any other recognition platform after fragmenting the reference feature vector. of.

在一些实施例中，针对每个参考生物标识，获取该参考生物标识对应的参考生物信息，并对参考生物信息进行特征提取，获取参考特征向量。然后将参考特征向量划分为多个特征向量分片。将多个特征向量分片中的一个特征向量分片作为本地特征向量分片进行保存，将多个特征向量分片中的至少一个其他特征向量分片发送分别发送至相应的其他识别平台进行保存。In some embodiments, for each reference biological identifier, the reference biological information corresponding to the reference biological identifier is obtained, and feature extraction is performed on the reference biological information to obtain a reference feature vector. The reference feature vector is then divided into multiple feature vector slices. Save one feature vector fragment among the multiple feature vector fragments as a local feature vector fragment, and send at least one other feature vector fragment among the multiple feature vector fragments to the corresponding other recognition platforms for saving. .

具体地，终端采集参考生物标识对应的参考生物信息，然后将参考生物信息发送至相应的识别平台。识别平台对参考生物信息进行去噪、灰度化、人脸检测、归一化等预处理后，通过特征提取模块采用神经网络模型对参考生物信息进行特征提取，获得参考特征向量。可以将参考特征向量平均划分为多个特征向量分片，也可以采用非平均的方式将参考特征向量平均划分为多个特征向量分片，多个特征向量分片是不同的特征向量。特征向量分片的数量可以基于合作存储的识别平台的数量来确定，比如，合作存储的识别平台的数量为3个，则将参考特征向量划分为3个特征向量分片。Specifically, the terminal collects the reference biological information corresponding to the reference biological identifier, and then sends the reference biological information to the corresponding identification platform. After the identification platform performs denoising, grayscale, face detection, normalization and other preprocessing on the reference biological information, the feature extraction module uses a neural network model to extract features from the reference biological information to obtain a reference feature vector. The reference feature vector may be equally divided into multiple feature vector segments, or the reference feature vector may be equally divided into multiple feature vector segments in an uneven manner, and the multiple feature vector segments are different feature vectors. The number of feature vector slices can be determined based on the number of cooperatively stored identification platforms. For example, if the number of cooperatively stored identification platforms is three, the reference feature vector is divided into three feature vector slices.

另外，可以从多个特征向量分片中随机选取一个特征向量分片作为本地特征向量分片进行保存，也可以将排在第一位的特征向量分片作为本地特征向量分片进行保存，还可以采用其他方式作为选取一个特征向量分片作为本地特征向量分片进行保存等。每个其他特征向量分片可以发送至一个其他识别平台进行保存，其他识别平台在接收到一个特征向量分片之后，将该特征向量分片作为本地特征向量分片进行保存。不同的识别平台保存的特征向量分片是不相同的。每个识别平台在获得特征向量分片之后，可以采用补零的方式将特征向量分片的维度扩展为参考特征向量的维度。In addition, a feature vector fragment can be randomly selected from multiple feature vector fragments to be saved as a local feature vector fragment, or the feature vector fragment ranked first can be saved as a local feature vector fragment. Other methods may be used as selecting a feature vector fragment to save as a local feature vector fragment, etc. Each other feature vector fragment can be sent to another recognition platform for storage, and after receiving a feature vector fragment, the other recognition platform saves the feature vector fragment as a local feature vector fragment. The feature vector slices saved by different recognition platforms are different. After each recognition platform obtains the feature vector slice, it can extend the dimension of the feature vector slice to the dimension of the reference feature vector by means of zero-padding.

在一些实施例中，识别平台除了保存本地特征向量分片之外，同时还获取用于保存多个特征向量分片的多个识别平台的设备信息，然后保存参考生物标识和多个识别平台的设备信息。针对每个其他识别平台，将参考生物标识和多个识别平台的设备信息发送至其他识别平台进行保存。In some embodiments, in addition to storing the local feature vector slices, the identification platform also acquires device information of multiple identification platforms for storing multiple feature vector slices, and then stores the reference biological identifier and the information of the multiple identification platforms. Device Information. For each other identification platform, the reference biometric identifier and the device information of multiple identification platforms are sent to other identification platforms for storage.

具体地，设备信息包括但不限于设备名称、设备ID、识别平台对应的机构信息等。对于每个识别平台，识别平台将本地特征向量分片、参考生物标识和多个识别平台的设备信息关联保存，以便在后续生物信息识别过程中，可以快速查询获得特征向量分片进行计算，从而提高生物信息识别的效率。Specifically, the device information includes, but is not limited to, the device name, device ID, organization information corresponding to the identification platform, and the like. For each identification platform, the identification platform associates and saves the local feature vector shards, the reference biometric identifiers and the device information of multiple identification platforms, so that in the subsequent biometric information identification process, the feature vector shards can be quickly queried for calculation, thereby Improve the efficiency of biometric identification.

在一些实施例中，多个特征向量分片为明文形式的特征向量分片。为了保证特征向量分片的安全性，识别平台将多个特征向量分片中的一个特征向量分片加密后，作为本地特征向量分片进行保存。每个其他识别平台在接收到一个明文形式的其他特征向量分片时，也可以对该其他特征向量分片进行加密后作为本地特征向量分片进行保存。In some embodiments, the plurality of feature vector slices are feature vector slices in plaintext. In order to ensure the security of feature vector shards, the identification platform encrypts one feature vector shard among multiple eigenvector shards and saves it as a local feature vector shard. When each other identification platform receives another feature vector fragment in plaintext, it can also encrypt the other feature vector fragment and save it as a local feature vector fragment.

在一些实施例中，多个特征向量分片为加密形式的特征向量分片。具体来说，将参考特征向量划分为多个原始向量分片，然后采用同态加密公私对每个特征向量分片进行同态加密，获得多个特征向量分片。这样，识别平台将多个特征向量分片中的一个特征向量分片作为本地特征向量分片进行保存，以及每个其他识别平台在接收到一个其他特征向量分片时，将该其他特征向量分片作为本地特征向量分片进行保存时，也能保证特征向量分片的安全性。In some embodiments, the plurality of feature vector slices are feature vector slices in encrypted form. Specifically, the reference eigenvector is divided into multiple original vector shards, and then each eigenvector shard is homomorphically encrypted using public-private homomorphic encryption to obtain multiple eigenvector shards. In this way, the recognition platform saves one feature vector fragment among the multiple feature vector fragments as a local feature vector fragment, and each other recognition platform, when receiving one other feature vector fragment, divides the other feature vector fragment into When the slice is stored as a local feature vector slice, the security of the feature vector slice can also be guaranteed.

举例来说，如图3所示，设定多方安全计算系统中包括第一终端、第二终端、第一识别平台和第二识别平台，其中，第一终端与第一识别平台对应，第二终端与第二识别平台对应，第一终端安装有支付应用。用户在支付应用中注册时，第一终端在获得用户许可的情况下，采集人脸图像和用户账号，并将人脸图像和用户账号发送至第一识别平台的业务系统。第一识别平台中的特征提取模块从业务系统获得人脸图像，并对人脸图像进行去噪、灰度化、人脸检测、归一化等预处理后，采用神经网络模型对人脸图像进行特征提取，获得参考特征向量[v1，v2，v3，……,v1024]。将参考特征向量划分为两个特征向量分片，分别为特征向量分片A[v1，v2，v3，……,v512]和特征向量分片B[v513，v514，……,v1024]。将特征向量分片A加密后保存在第一识别平台的向量分片库中，同时关联保存用户账号、第一识别平台的设备信息和第二识别平台的设备信息。For example, as shown in FIG. 3 , it is assumed that the multi-party secure computing system includes a first terminal, a second terminal, a first identification platform and a second identification platform, wherein the first terminal corresponds to the first identification platform, and the second identification platform corresponds to the first identification platform. The terminal corresponds to the second identification platform, and the first terminal is installed with a payment application. When the user registers in the payment application, the first terminal collects the face image and the user account with the user's permission, and sends the face image and the user account to the business system of the first recognition platform. The feature extraction module in the first recognition platform obtains the face image from the business system, and performs preprocessing on the face image such as denoising, grayscale, face detection, and normalization, and then uses the neural network model to analyze the face image. Perform feature extraction to obtain reference feature vectors [v1, v2, v3, ..., v1024]. Divide the reference feature vector into two feature vector slices, namely, feature vector slice A[v1, v2, v3,...,v512] and feature vector slice B[v513, v514,...,v1024]. The feature vector fragment A is encrypted and stored in the vector fragment library of the first identification platform, and the user account, the device information of the first identification platform and the device information of the second identification platform are stored in association at the same time.

第一识别平台中的特征提取模块将特征向量分片B发送至第二识别平台，第二识别平台对特征向量分片B加密后保存在第二识别平台的向量分片库中，同时关联保存用户账号、第一识别平台的设备信息和第二识别平台的设备信息。The feature extraction module in the first recognition platform sends the feature vector fragment B to the second recognition platform, and the second recognition platform encrypts the feature vector fragment B and saves it in the vector fragment library of the second recognition platform, and saves it in association at the same time. User account, device information of the first identification platform, and device information of the second identification platform.

本申请实施例中，将一个参考生物信息的参考特征向量划分为多个特征向量分片并将多个特征向量分片分别保存在多个识别后台中，故任意一个识别后台均无法基于本地保存的一个特征向量分片还原整个参考特征向量，从而保证了特征向量信息存储的安全性。In the embodiment of the present application, a reference feature vector of reference biological information is divided into multiple feature vector slices, and the multiple feature vector slices are respectively stored in multiple identification backgrounds, so any identification background cannot be saved locally based on One of the feature vector slices restores the entire reference feature vector, thus ensuring the security of feature vector information storage.

在生物信息识别阶段，终端采集待识别生物信息，然后将待识别生物信息发送至识别平台。识别平台通过特征提取模块对待识别生物信息进行特征提取，获得目标特征向量。当然，终端也可以在采集待识别生物信息后，对待识别生物信息进行特征提取，获得目标特征向量，然后将目标特征向量发送至识别平台，对此，本申请不做具体限定。另外，识别平台可以对待识别生物信息进行特征提取后，直接输出明文形式的目标特征向量，也可以对待识别生物信息进行特征提取获得原始特征向量之后，对原始特征向量进行同态加密获得目标特征向量。In the biometric information identification stage, the terminal collects the biometric information to be identified, and then sends the biometric information to be identified to the identification platform. The recognition platform performs feature extraction on the biological information to be recognized through the feature extraction module, and obtains the target feature vector. Of course, the terminal can also perform feature extraction on the biological information to be recognized after collecting the biological information to be recognized, obtain a target feature vector, and then send the target feature vector to the recognition platform, which is not specifically limited in this application. In addition, the recognition platform can directly output the target feature vector in plaintext after feature extraction of the biological information to be recognized, or can perform feature extraction on the biological information to be recognized to obtain the original feature vector, and then perform homomorphic encryption on the original feature vector to obtain the target feature vector. .

在一些实施例中，若在获取待识别生物信息的目标特征向量时，同时获得了待识别生物信息的目标生物标识，则将从向量分片库中获取与目标生物标识匹配的一个参考生物标识对应的本地特征向量分片(一对一比对进行生物信息识别的场景)。In some embodiments, if the target biological identifier of the biological information to be recognized is obtained when the target feature vector of the biological information to be recognized is obtained, a reference biological identifier matching the target biological identifier will be obtained from the vector fragment library Corresponding local feature vector shards (one-to-one comparison for biometric identification scenarios).

在一些实施例中，若在获取待识别生物信息的目标特征向量时，没有获得待识别生物信息的目标生物标识，而向量分片库中包括多个参考生物标识各自对应的本地特征向量分片。那么，识别设备从向量分片库获取多个参考生物标识各自对应的本地特征向量分片，即获取向量分片库中所有参考生物标识对应的本地特征向量分片(一对多比对进行生物信息识别的场景)，然后按照参考生物标识对多个本地特征向量分片进行排序并依次比对处理。In some embodiments, if the target biometric identifier of the biometric information to be recognized is not obtained when the target feature vector of the biometric information to be recognized is obtained, and the vector fragment library includes local feature vector fragments corresponding to each of the multiple reference biometric identifiers . Then, the identification device obtains local feature vector fragments corresponding to multiple reference biological identifiers from the vector fragmentation library, that is, obtains the local feature vector fragments corresponding to all reference biological identifiers in the vector fragmentation library (one-to-many comparison for biological identification). information recognition scene), and then sort the multiple local feature vector slices according to the reference biological identifier and compare and process them in sequence.

步骤S202，针对每个参考生物标识，确定相应的本地特征向量分片与目标特征向量之间的特征距离。Step S202, for each reference biological identifier, determine the feature distance between the corresponding local feature vector slice and the target feature vector.

具体地，特征距离可以是欧氏距离、余弦距离、马氏距离等。Specifically, the feature distance may be Euclidean distance, cosine distance, Mahalanobis distance, or the like.

当本地特征向量分片为明文形式的特征向量分片，目标特征向量为同态加密后的特征向量时，识别平台在半同态模式下，对本地特征向量分片与目标特征向量进行同态乘法运算，获得特征距离。When the local feature vector fragment is a plaintext feature vector fragment, and the target feature vector is a homomorphically encrypted feature vector, the identification platform performs homomorphism on the local feature vector fragment and the target feature vector in the semi-homomorphic mode. Multiplication operation to obtain feature distances.

当本地特征向量分片为同态加密后的特征向量分片，目标特征向量为明文形式的特征向量时，识别平台在半同态模式下，对本地特征向量分片与目标特征向量进行同态乘法运算，获得特征距离。本申请实施例中，基于半同态模式进行特征距离计算，既保证了计算的安全性，又提高了计算效率。When the local feature vector fragment is a homomorphically encrypted feature vector fragment and the target feature vector is a plaintext feature vector, the recognition platform performs homomorphism on the local feature vector fragment and the target feature vector in the semi-homomorphic mode. Multiplication operation to obtain feature distances. In the embodiment of the present application, the feature distance calculation is performed based on the semi-homogenous mode, which not only ensures the security of the calculation, but also improves the calculation efficiency.

当本地特征向量分片为同态加密后的特征向量分片，目标特征向量为同态加密后的特征向量时，识别平台在全同态模式下，对本地特征向量分片与目标特征向量进行同态乘法运算，获得特征距离。When the local feature vector fragment is the feature vector fragment after homomorphic encryption, and the target feature vector is the feature vector after homomorphism encryption, the recognition platform will perform the matching between the local feature vector fragment and the target feature vector in the fully homomorphic mode. Homomorphic multiplication operation to obtain the characteristic distance.

步骤S203，向保存有相应的其他特征向量分片的至少一个其他识别平台发送目标特征向量。Step S203, sending the target feature vector to at least one other identification platform that stores the corresponding other feature vector fragments.

由于每个参考生物标识对应的参考特征向量被划分为多个特征向量分片，故参考生物标识除了对应一个本地特征向量分片之外，还对应至少一个其他特征向量分片，每个其他特征向量分片保存在一个其他识别平台中。因此，识别平台向每个保存有该参考生物标识对应的其他特征向量分片的其他识别平台发送目标特征向量。Since the reference feature vector corresponding to each reference biomarker is divided into multiple feature vector segments, the reference biomarker corresponds to at least one other feature vector segment in addition to one local feature vector segment. Vector shards are stored in one of the other recognition platforms. Therefore, the identification platform sends the target feature vector to each other identification platform that stores other feature vector slices corresponding to the reference biomarker.

步骤S204，接收至少一个其他识别平台发送的目标特征向量与保存的其他特征向量分片之间的特征距离。Step S204: Receive the feature distance between the target feature vector sent by at least one other identification platform and the other stored feature vector fragments.

具体地，每个其他识别平台接收到目标特征向量之后，计算目标特征向量与保存的其他特征向量分片之间的特征距离。Specifically, after each other recognition platform receives the target feature vector, it calculates the feature distance between the target feature vector and other saved feature vector slices.

步骤S205，基于获得的多个特征距离，确定待识别生物信息的识别结果。Step S205, based on the obtained multiple characteristic distances, determine the identification result of the biological information to be identified.

在一些实施例中，在一对一比对进行生物信息识别的场景，基于获得的多个特征距离，确定目标特征向量与匹配的参考生物标识对应的参考特征向量之间的目标特征距离。若目标特征距离小于距离阈值，则确定待识别生物信息的识别结果为验证通过；若目标特征距离大于等于距离阈值，则确定待识别生物信息的识别结果为验证不通过。In some embodiments, in the scenario of performing biometric identification by one-to-one comparison, the target feature distance between the target feature vector and the reference feature vector corresponding to the matched reference biometric identifier is determined based on the obtained multiple feature distances. If the target feature distance is less than the distance threshold, the identification result of the biometric information to be recognized is determined to be verified; if the target feature distance is greater than or equal to the distance threshold, the identification result of the biometric information to be recognized is determined to be a failed verification.

具体地，识别平台通过特征比对模块对获得的多个特征距离进行同态加法运算，获得目标特征向量与参考生物标识对应的参考特征向量之间的候选特征距离。然后采用同态加密私钥对候选特征距离进行解密，获得目标特征距离。Specifically, the identification platform performs a homomorphic addition operation on the obtained plurality of feature distances through the feature comparison module to obtain candidate feature distances between the target feature vector and the reference feature vector corresponding to the reference biomarker. Then, the candidate feature distance is decrypted using the homomorphic encryption private key to obtain the target feature distance.

当目标特征距离小于距离阈值时，说明待识别生物信息与参考生物标识对应的参考生物信息之间的相似度大于相似度阈值，进而说明待识别生物信息与参考生物信息对应同一生物，则确定待识别生物信息的识别结果为验证通过。When the target feature distance is less than the distance threshold, it indicates that the similarity between the biological information to be identified and the reference biological information corresponding to the reference biological identifier is greater than the similarity threshold, and further indicates that the biological information to be identified and the reference biological information correspond to the same creature, then it is determined that the biological information to be identified and the reference biological information correspond to the same creature. The identification result of identifying the biometric information is the verification passed.

当目标特征距离大于等于距离阈值时，说明待识别生物信息与参考生物标识对应的参考生物信息之间的相似度小于等于相似度阈值，进而说明待识别生物信息与参考生物信息对应不同生物，则确定待识别生物信息的识别结果为验证不通过。When the target feature distance is greater than or equal to the distance threshold, it indicates that the similarity between the biological information to be identified and the reference biological information corresponding to the reference biological identifier is less than or equal to the similarity threshold, and further indicates that the biological information to be identified and the reference biological information correspond to different creatures, then It is determined that the identification result of the biological information to be identified is that the verification fails.

下面以用户验证作为具体实施场景举例来说，如图4所示，设定多方安全计算系统中包括第一终端、第二终端、第一识别平台和第二识别平台，其中，第一终端与第一识别平台对应，第二终端与第二识别平台对应，第一终端安装有购物应用。用户在购物应用中注册时，第一终端在获得用户许可的情况下，采集参考人脸图像和用户账号，并将参考人脸图像和用户账号发送至第一识别平台的业务系统。第一识别平台中的特征提取模块从业务系统获得参考人脸图像，并对参考人脸图像进行去噪、灰度化、人脸检测、归一化等预处理后，采用神经网络模型对参考人脸图像进行特征提取，获得参考特征向量[v1，v2，v3，…,v1024]。将参考特征向量划分为两个特征向量分片，分别为特征向量分片A[v1，v2，v3，…,v512]和特征向量分片B[v513，v514，…,v1024]。将特征向量分片A加密后保存在第一识别平台的向量分片库中，同时关联保存用户账号、第一识别平台的设备信息和第二识别平台的设备信息。The following takes user authentication as an example of a specific implementation scenario. As shown in FIG. 4 , it is assumed that the multi-party secure computing system includes a first terminal, a second terminal, a first identification platform and a second identification platform, wherein the first terminal and the The first identification platform corresponds to the second identification platform, the second terminal corresponds to the second identification platform, and the first terminal is installed with a shopping application. When the user registers in the shopping application, the first terminal collects the reference face image and the user account with the user's permission, and sends the reference face image and the user account to the business system of the first recognition platform. The feature extraction module in the first recognition platform obtains the reference face image from the business system, and performs preprocessing such as denoising, grayscale, face detection, and normalization on the reference face image, and uses the neural network model to compare the reference face image. Feature extraction is performed on the face image to obtain reference feature vectors [v1, v2, v3, ..., v1024]. Divide the reference feature vector into two feature vector slices, namely feature vector slice A[v1, v2, v3,...,v512] and feature vector slice B[v513, v514,...,v1024]. The feature vector fragment A is encrypted and stored in the vector fragment library of the first identification platform, and the user account, the device information of the first identification platform and the device information of the second identification platform are stored in association at the same time.

在进行用户验证时，第一终端在获得用户许可的情况下，采集待识别人脸图像和用户账号，并将待识别人脸图像和用户账号发送至第一识别平台的业务系统。第一识别平台的特征提取模块从业务系统获得待识别人脸图像，并对待识别人脸图像进行去噪、灰度化、人脸检测、归一化等预处理后，采用神经网络模型对待识别人脸图像进行特征提取，获得原始特征向量C[c1，c2，c3，…，c1024]。第一识别平台的特征比对模块生成非对称同态加密公私钥对(he_pub_key,he_pri_key)，采用非对称同态加密公钥(he_pub_key)对原始特征向量C进行同态加密，获得目标特征向量D。During user verification, the first terminal collects the face image to be recognized and the user account with the permission of the user, and sends the face image to be recognized and the user account to the business system of the first recognition platform. The feature extraction module of the first recognition platform obtains the face image to be recognized from the business system, and performs preprocessing such as denoising, grayscale, face detection, normalization, etc. Feature extraction is performed on the face image to obtain the original feature vector C[c1, c2, c3, ..., c1024]. The feature comparison module of the first identification platform generates an asymmetric homomorphic encryption public-private key pair (he_pub_key, he_pri_key), uses the asymmetric homomorphic encryption public key (he_pub_key) to perform homomorphic encryption on the original feature vector C, and obtains the target feature vector D .

第一识别平台的特征比对模块基于用户账号获取加密后的特征向量分片A，然后对加密后的特征向量分片A进行解密，获得明文形式的特征向量分片A。然后使用同态加密Lib库对目标特征向量D和特征向量分片A进行欧氏距离计算，获得第一特征距离，并将第一特征距离发送至第一识别平台的业务系统。The feature comparison module of the first identification platform obtains the encrypted feature vector fragment A based on the user account, and then decrypts the encrypted feature vector fragment A to obtain the feature vector fragment A in plaintext. Then, use the homomorphic encryption Lib library to calculate the Euclidean distance of the target feature vector D and the feature vector slice A, obtain the first feature distance, and send the first feature distance to the business system of the first recognition platform.

第一识别平台基于用户账号还可以获知第二识别平台保存了另一个特征向量分片，因此，将目标特征向量D发送至第二识别平台的业务系统，第二识别平台的特征比对模块从业务系统中获取目标特征向量D，同时基于用户账号获得加密后的特征向量分片B，并对加密后的特征向量分片B进行解密，获得明文形式的特征向量分片B。然后使用同态加密Lib库对目标特征向量D和特征向量分片B进行欧氏距离计算，获得第二特征距离，并将第二特征距离发送至第二识别平台的业务系统。第二识别平台的业务系统将第二特征距离发送至第一识别平台的业务系统。Based on the user account, the first identification platform can also learn that the second identification platform has saved another feature vector fragment, therefore, the target feature vector D is sent to the business system of the second identification platform, and the feature comparison module of the second identification platform is from The target feature vector D is obtained in the business system, and the encrypted feature vector fragment B is obtained based on the user account, and the encrypted feature vector fragment B is decrypted to obtain the feature vector fragment B in plaintext. Then use the homomorphic encryption Lib library to calculate the Euclidean distance of the target feature vector D and the feature vector fragment B to obtain the second feature distance, and send the second feature distance to the business system of the second recognition platform. The business system of the second identification platform sends the second characteristic distance to the business system of the first identification platform.

第一识别平台的业务系统基于同态加密Lib库对第一特征距离和第二特征距离进行加法运算，获得候选特征距离。然后采用非对称同态加密私钥(he_pri_key)对候选特征距离进行解密，获得目标特征距离。由于目标特征距离小于距离阈值，则确定待识别人脸图像验证通过。The business system of the first identification platform performs an addition operation on the first feature distance and the second feature distance based on the homomorphic encryption Lib library to obtain the candidate feature distance. Then, the candidate feature distance is decrypted using the asymmetric homomorphic encryption private key (he_pri_key) to obtain the target feature distance. Since the target feature distance is less than the distance threshold, it is determined that the verification of the face image to be recognized has passed.

需要说明的是，第二识别平台同样也可以采集待识别人脸图像，并采用上述相同的方式对待识别人脸图像进行验证。在涉及到第一识别平台加密的数据时，可以调用第一识别平台提供的API服务接口进行解密运算。It should be noted that the second recognition platform can also collect the face image to be recognized, and use the same method as above to verify the face image to be recognized. When the data encrypted by the first identification platform is involved, the API service interface provided by the first identification platform can be called to perform decryption operation.

在一些实施例中，在一对多比对进行生物信息识别的场景，针对多个参考生物标识中的每个参考生物标识，基于该参考生物标识关联的多个特征距离，确定目标特征向量与该参考生物标识对应的参考特征向量之间的目标特征距离。然后从获得的多个目标特征距离中，确定最小特征距离。若最小特征距离小于距离阈值，则确定待识别生物信息的识别结果为验证通过。若最小特征距离大于等于距离阈值，则确定待识别生物信息的识别结果为验证不通过。In some embodiments, in the scenario of performing biometric information identification by one-to-many comparison, for each reference biomarker in multiple reference biomarkers, based on multiple feature distances associated with the reference biomarker, determine the target feature vector and The target feature distance between the reference feature vectors corresponding to the reference biomarker. Then, from the obtained multiple target feature distances, the minimum feature distance is determined. If the minimum feature distance is less than the distance threshold, it is determined that the identification result of the biological information to be identified is verified as passed. If the minimum feature distance is greater than or equal to the distance threshold, it is determined that the identification result of the biological information to be identified is that the verification fails.

具体地，针对每个参考生物标识，均可以获得多个特征距离。以一个参考生物标识展开来说，将获得的多个特征距离进行同态加法运算，获得目标特征向量与该参考生物标识对应的参考特征向量之间的候选特征距离。然后采用同态加密私钥对候选特征距离进行解密，获得目标特征距离。Specifically, for each reference biomarker, multiple feature distances can be obtained. Taking the expansion of a reference biomarker as an example, the obtained feature distances are subjected to a homomorphic addition operation to obtain a candidate feature distance between the target feature vector and the reference feature vector corresponding to the reference biomarker. Then, the candidate feature distance is decrypted using the homomorphic encryption private key to obtain the target feature distance.

对多个目标特征距离进行归一化处理和排序后，获得最小特征距离以及最小特征距离对应的参考生物标识。当最小特征距离小于距离阈值时，说明待识别生物信息与该参考生物标识对应的参考生物信息之间的相似度大于相似度阈值，进而说明待识别生物信息与参考生物信息对应同一生物，则确定待识别生物信息的识别结果为验证通过。After normalizing and sorting multiple target feature distances, the minimum feature distance and the reference biomarker corresponding to the minimum feature distance are obtained. When the minimum feature distance is less than the distance threshold, it indicates that the similarity between the biological information to be identified and the reference biological information corresponding to the reference biological identifier is greater than the similarity threshold, and further indicates that the biological information to be identified and the reference biological information correspond to the same creature, then determine The identification result of the biological information to be identified is the verification passed.

当最小特征距离大于等于距离阈值时，说明待识别生物信息与该参考生物标识对应的参考生物信息之间的相似度小于等于相似度阈值，进而说明待识别生物信息与参考生物信息对应不同生物，则确定待识别生物信息的识别结果为验证不通过。When the minimum feature distance is greater than or equal to the distance threshold, it indicates that the similarity between the biological information to be identified and the reference biological information corresponding to the reference biological identifier is less than or equal to the similarity threshold, and further indicates that the biological information to be identified and the reference biological information correspond to different creatures, Then, it is determined that the identification result of the biological information to be identified is that the verification fails.

下面以支付场景作为具体实施场景举例来说，如图5所示，设定多方安全计算系统中包括第一终端、第二终端、第三终端、第一识别平台、第二识别平台和第三识别平台，其中，第一终端与第一识别平台对应，第二终端与第二识别平台对应，第三终端与第三识别平台对应，第一终端安装有支付应用。The following takes the payment scenario as an example of a specific implementation scenario. As shown in FIG. 5 , it is assumed that the multi-party secure computing system includes a first terminal, a second terminal, a third terminal, a first identification platform, a second identification platform and a third An identification platform, wherein the first terminal corresponds to the first identification platform, the second terminal corresponds to the second identification platform, the third terminal corresponds to the third identification platform, and the first terminal is installed with a payment application.

第一用户在支付应用中注册时，第一终端在获得用户许可的情况下，采集第一参考人脸图像和第一用户账号，并将第一参考人脸图像和第一用户账号发送至第一识别平台的业务系统。第一识别平台中的特征提取模块从业务系统获得第一参考人脸图像，并对第一参考人脸图像进行去噪、灰度化、人脸检测、归一化等预处理后，采用神经网络模型对第一参考人脸图像进行特征提取，获得参考特征向量。将第一参考特征向量划分为两个特征向量分片，分别为特征向量分片A和特征向量分片B。将特征向量分片A加密后保存在第一识别平台的向量分片库中，同时关联保存第一用户账号、第一识别平台的设备信息和第二识别平台的设备信息。第一识别平台将特征向量分片B发送至第二识别平台，第二识别平台对特征向量分片B加密后保存在第二识别平台的向量分片库中，同时关联保存第一用户账号、第一识别平台的设备信息和第二识别平台的设备信息。When the first user registers in the payment application, the first terminal collects the first reference face image and the first user account with the user's permission, and sends the first reference face image and the first user account to the first user. 1. Identify the business system of the platform. The feature extraction module in the first recognition platform obtains the first reference face image from the business system, and performs preprocessing such as denoising, grayscale, face detection, and normalization on the first reference face image, and uses neural The network model performs feature extraction on the first reference face image to obtain a reference feature vector. The first reference feature vector is divided into two feature vector fragments, which are feature vector fragment A and feature vector fragment B respectively. The feature vector fragment A is encrypted and stored in the vector fragment library of the first identification platform, and the first user account, the device information of the first identification platform and the device information of the second identification platform are stored in association at the same time. The first recognition platform sends the feature vector fragment B to the second recognition platform, and the second recognition platform encrypts the feature vector fragment B and saves it in the vector fragment library of the second recognition platform, and stores the first user account, The first identifies the device information of the platform and the second identifies the device information of the platform.

第二用户在支付应用中注册时，第一终端在获得用户许可的情况下，采集第二参考人脸图像和第二用户账号，并将第二参考人脸图像和第二用户账号发送至第一识别平台的业务系统。第一识别平台中的特征提取模块从业务系统获得第二参考人脸图像，并对第二参考人脸图像进行去噪、灰度化、人脸检测、归一化等预处理后，采用神经网络模型对第二参考人脸图像进行特征提取，获得第二参考特征向量。将第二参考特征向量划分为两个特征向量分片，分别为特征向量分片M和特征向量分片N。将特征向量分片M加密后保存在第一识别平台的向量分片库中，同时关联保存第二用户账号、第一识别平台的设备信息和第三识别平台的设备信息。第一识别平台将特征向量分片N发送至第三识别平台，第三识别平台对特征向量分片N加密后保存在第三识别平台的向量分片库中，同时关联保存第一用户账号、第一识别平台的设备信息和第三识别平台的设备信息。When the second user registers in the payment application, with the permission of the user, the first terminal collects the second reference face image and the second user account, and sends the second reference face image and the second user account to the first terminal 1. Identify the business system of the platform. The feature extraction module in the first recognition platform obtains the second reference face image from the business system, and performs preprocessing such as denoising, grayscale, face detection, and normalization on the second reference face image, and uses neural The network model performs feature extraction on the second reference face image to obtain a second reference feature vector. The second reference feature vector is divided into two feature vector segments, which are the feature vector segment M and the feature vector segment N respectively. The feature vector fragment M is encrypted and stored in the vector fragment library of the first identification platform, and the second user account, the device information of the first identification platform and the device information of the third identification platform are stored in association at the same time. The first recognition platform sends the feature vector fragment N to the third recognition platform, and the third recognition platform encrypts the feature vector fragment N and saves it in the vector fragment library of the third recognition platform, and stores the first user account, The device information of the first identification platform and the device information of the third identification platform are identified.

第一用户在进行支付时，第一终端在获得用户许可的情况下，采集待识别人脸图像，并将待识别人脸图像发送至第一识别平台的业务系统。第一识别平台的特征提取模块从业务系统获得待识别人脸图像，并对待识别人脸图像进行去噪、灰度化、人脸检测、归一化等预处理后，采用神经网络模型对待识别人脸图像进行特征提取，获得原始特征向量C。第一识别平台的特征比对模块生成非对称同态加密公私钥对(he_pub_key,he_pri_key)，采用非对称同态加密公钥(he_pub_key)对原始特征向量C进行同态加密，获得目标特征向量D。When the first user makes payment, the first terminal collects the face image to be recognized under the condition of obtaining the user's permission, and sends the face image to be recognized to the business system of the first recognition platform. The feature extraction module of the first recognition platform obtains the face image to be recognized from the business system, and performs preprocessing such as denoising, grayscale, face detection, normalization, etc. Perform feature extraction on the face image to obtain the original feature vector C. The feature comparison module of the first identification platform generates an asymmetric homomorphic encryption public-private key pair (he_pub_key, he_pri_key), uses the asymmetric homomorphic encryption public key (he_pub_key) to perform homomorphic encryption on the original feature vector C, and obtains the target feature vector D .

第一识别平台从向量分片库中获取第一用户账号对应的特征向量分片A和第二用户账号对应的特征向量分片M。The first identification platform obtains the feature vector fragment A corresponding to the first user account and the feature vector fragment M corresponding to the second user account from the vector fragment library.

针对第一用户账号对应的特征向量分片A，第一识别平台的特征比对模块对加密后的特征向量分片A进行解密，获得明文形式的特征向量分片A。然后使用同态加密Lib库对目标特征向量D和特征向量分片A进行欧氏距离计算，获得第一特征距离。For the feature vector fragment A corresponding to the first user account, the feature comparison module of the first identification platform decrypts the encrypted feature vector fragment A to obtain the feature vector fragment A in plaintext. Then use the homomorphic encryption Lib library to calculate the Euclidean distance of the target feature vector D and the feature vector slice A to obtain the first feature distance.

第一识别平台的特征比对模块基于第一用户账号还可以获知第二识别平台保存了第一用户账号对应的另一个特征向量分片，因此，将目标特征向量D发送至第二识别平台的业务系统。第二识别平台的特征比对模块从业务系统中获取目标特征向量D，同时基于用户账号获得加密后的特征向量分片B，然后对加密后的特征向量分片B进行解密，获得明文形式的特征向量分片B。再使用同态加密Lib库对目标特征向量D和特征向量分片B进行欧氏距离计算，获得第二特征距离，并将第二特征距离发送至第二识别平台的业务系统。第二识别平台的业务系统将第二特征距离发送至第一识别平台的业务系统。Based on the first user account, the feature comparison module of the first identification platform can also learn that the second identification platform has saved another feature vector fragment corresponding to the first user account, therefore, the target feature vector D is sent to the second identification platform. business system. The feature comparison module of the second identification platform obtains the target feature vector D from the business system, and at the same time obtains the encrypted feature vector fragment B based on the user account, and then decrypts the encrypted feature vector fragment B to obtain the plaintext. Feature vector slice B. Then use the homomorphic encryption Lib library to calculate the Euclidean distance of the target feature vector D and the feature vector fragment B to obtain the second feature distance, and send the second feature distance to the business system of the second recognition platform. The business system of the second identification platform sends the second characteristic distance to the business system of the first identification platform.

第一识别平台的业务系统基于同态加密Lib库对第一特征距离和第二特征距离进行加法运算，获得候选特征距离。然后采用非对称同态加密私钥(he_pri_key)对候选特征距离进行解密，获得目标特征距离X。The business system of the first identification platform performs an addition operation on the first feature distance and the second feature distance based on the homomorphic encryption Lib library to obtain the candidate feature distance. Then, the candidate feature distance is decrypted using the asymmetric homomorphic encryption private key (he_pri_key) to obtain the target feature distance X.

针对第二用户账号对应的特征向量分片M，第一识别平台的特征比对模块对加密后的特征向量分片M进行解密，获得明文形式的特征向量分片M。然后使用同态加密Lib库对目标特征向量D和特征向量分片M进行欧氏距离计算，获得第三特征距离。For the feature vector fragment M corresponding to the second user account, the feature comparison module of the first identification platform decrypts the encrypted feature vector fragment M to obtain the feature vector fragment M in plaintext. Then use the homomorphic encryption Lib library to calculate the Euclidean distance of the target feature vector D and the feature vector slice M to obtain the third feature distance.

第一识别平台的特征比对模块基于第二用户账号还可以获知第三识别平台保存了第二用户账号对应的另一个特征向量分片，因此，将目标特征向量D发送至第三识别平台的业务系统。第三识别平台的特征比对模块从业务系统中获取目标特征向量D，同时基于第二用户账号获得加密后的特征向量分片N，然后对加密后的特征向量分片N进行解密，获得明文形式的特征向量分片N。再使用同态加密Lib库对目标特征向量D和特征向量分片N进行欧氏距离计算，获得第四特征距离，并将第四特征距离发送至第三识别平台的业务系统。第三识别平台的业务系统将第四特征距离发送至第一识别平台的业务系统。Based on the second user account, the feature comparison module of the first identification platform can also learn that the third identification platform has saved another feature vector fragment corresponding to the second user account, therefore, the target feature vector D is sent to the third identification platform. business system. The feature comparison module of the third identification platform obtains the target feature vector D from the business system, and at the same time obtains the encrypted feature vector slice N based on the second user account, and then decrypts the encrypted feature vector slice N to obtain plaintext Feature vector slices of the form N. Then use the homomorphic encryption Lib library to calculate the Euclidean distance of the target feature vector D and the feature vector slice N, obtain the fourth feature distance, and send the fourth feature distance to the business system of the third recognition platform. The business system of the third identification platform sends the fourth characteristic distance to the business system of the first identification platform.

第一识别平台的业务系统基于同态加密Lib库对第三特征距离和第四特征距离进行加法运算，获得候选特征距离。然后采用非对称同态加密私钥(he_pri_key)对候选特征距离进行解密，获得目标特征距离Y。The business system of the first identification platform performs an addition operation on the third feature distance and the fourth feature distance based on the homomorphic encryption Lib library to obtain the candidate feature distance. Then use the asymmetric homomorphic encryption private key (he_pri_key) to decrypt the candidate feature distance to obtain the target feature distance Y.

由于目标特征距离X小于目标特征距离Y，则判断目标特征距离X是否小于距离阈值。若目标特征距离小于距离阈值，则确定待识别人脸图像验证通过。此时，第一识别平台基于第一用户账号、银行卡等信息进行支付报文组装和支付交易。然后将支付结果返回给第一终端，第一终端在支付应用中展示支付结果。Since the target feature distance X is smaller than the target feature distance Y, it is determined whether the target feature distance X is smaller than the distance threshold. If the target feature distance is less than the distance threshold, it is determined that the verification of the face image to be recognized has passed. At this time, the first identification platform performs payment message assembly and payment transaction based on the first user account, bank card and other information. The payment result is then returned to the first terminal, and the first terminal displays the payment result in the payment application.

基于相同的技术构思，本申请实施例提供了一种生物信息识别装置的结构示意图，应用于安全计算系统中的每个识别平台，如图6所示，该装置600包括：Based on the same technical concept, an embodiment of the present application provides a schematic structural diagram of a biometric information identification device, which is applied to each identification platform in a secure computing system. As shown in FIG. 6 , the device 600 includes:

获取模块601，包括获取待识别生物信息的目标特征向量，以及从向量分片库中获取至少一个参考生物标识对应的本地特征向量分片；The obtaining module 601 includes obtaining the target feature vector of the biological information to be identified, and obtaining the local feature vector fragment corresponding to at least one reference biological identifier from the vector fragment library;

处理模块602，用于针对每个参考生物标识，确定相应的本地特征向量分片与所述目标特征向量之间的特征距离，以及向保存有相应的其他特征向量分片的至少一个其他识别平台发送所述目标特征向量，并接收所述至少一个其他识别平台发送的所述目标特征向量与保存的其他特征向量分片之间的特征距离；The processing module 602 is used to, for each reference biological identifier, determine the feature distance between the corresponding local feature vector fragment and the target feature vector, and store at least one other identification platform with corresponding other feature vector fragments Send the target feature vector, and receive the feature distance between the target feature vector sent by the at least one other identification platform and the other stored feature vector fragments;

识别模块603，用于基于获得的多个特征距离，确定所述待识别生物信息的识别结果。The identification module 603 is configured to determine the identification result of the biological information to be identified based on the obtained multiple characteristic distances.

可选地，所述处理模块602还用于：Optionally, the processing module 602 is further configured to:

所述获取模块601具体用于：The obtaining module 601 is specifically used for:

可选地，所述识别模块603具体用于：Optionally, the identification module 603 is specifically used for:

可选地，所述获取模块601具体用于：Optionally, the obtaining module 601 is specifically used for:

本申请实施例中，将一个参考生物信息的参考特征向量划分为多个特征向量分片并将多个特征向量分片分别保存在多个识别后台中，这样使得任意一个识别后台需要借助其他识别平台中保存的特征向量分片才能完成生物信息识别，每个识别后台均无法基于本地保存的一个特征向量分片还原整个参考特征向量，从而保证了特征向量信息存储的安全性。其次，每个识别后台基于同态加密的运算方式计算本地特征向量分片与待识别生物信息的目标特征向量的特征距离，实现了在密文状态下的计算，保证了计算的安全性。另外，每个识别后台独立计算本地特征向量分片与目标特征向量的特征距离，再将计算结果汇总至一个识别后台，相较于多方安全计算的数据交互来说，大大降低了通信轮次和通信量，从而提升了计算的性能，也降低了通信资源消耗。In the embodiment of the present application, a reference feature vector of reference biological information is divided into multiple feature vector slices, and the multiple feature vector slices are respectively stored in multiple identification backgrounds, so that any identification background needs to use other identification The biometric identification can only be completed by the feature vector shards saved in the platform. Each recognition background cannot restore the entire reference feature vector based on a feature vector shard saved locally, thus ensuring the security of feature vector information storage. Secondly, each identification background calculates the feature distance between the local feature vector fragment and the target feature vector of the biological information to be identified based on the operation method of homomorphic encryption, which realizes the calculation in the ciphertext state and ensures the security of the calculation. In addition, each recognition background independently calculates the feature distance between the local feature vector fragment and the target feature vector, and then aggregates the calculation results into a single recognition background, which greatly reduces the number of communication rounds and Therefore, the performance of computing is improved and the consumption of communication resources is reduced.

基于相同的技术构思，本申请实施例提供了一种计算机设备，该计算机设备可以是图1所示的识别平台，如图7所示，包括至少一个处理器701，以及与至少一个处理器连接的存储器702，本申请实施例中不限定处理器701与存储器702之间的具体连接介质，图7中处理器701和存储器702之间通过总线连接为例。总线可以分为地址总线、数据总线、控制总线等。Based on the same technical concept, an embodiment of the present application provides a computer device. The computer device may be the identification platform shown in FIG. 1 , as shown in FIG. 7 , and includes at least one processor 701 and is connected to at least one processor. The specific connection medium between the processor 701 and the memory 702 is not limited in this embodiment of the present application. In FIG. 7 , the connection between the processor 701 and the memory 702 is taken as an example through a bus. The bus can be divided into address bus, data bus, control bus and so on.

在本申请实施例中，存储器702存储有可被至少一个处理器701执行的指令，至少一个处理器701通过执行存储器702存储的指令，可以执行上述生物信息识别方法的步骤。In this embodiment of the present application, the memory 702 stores instructions that can be executed by at least one processor 701 , and the at least one processor 701 can execute the steps of the above-mentioned biometric information identification method by executing the instructions stored in the memory 702 .

其中，处理器701是计算机设备的控制中心，可以利用各种接口和线路连接计算机设备的各个部分，通过运行或执行存储在存储器702内的指令以及调用存储在存储器702内的数据，从而实现生物信息识别。可选的，处理器701可包括一个或多个处理单元，处理器701可集成应用处理器和调制解调处理器，其中，应用处理器主要处理操作系统、用户界面和应用程序等，调制解调处理器主要处理无线通信。可以理解的是，上述调制解调处理器也可以不集成到处理器701中。在一些实施例中，处理器701和存储器702可以在同一芯片上实现，在一些实施例中，它们也可以在独立的芯片上分别实现。Among them, the processor 701 is the control center of the computer equipment, and can use various interfaces and lines to connect various parts of the computer equipment, by running or executing the instructions stored in the memory 702 and calling the data stored in the memory 702, so as to realize biological Information identification. Optionally, the processor 701 may include one or more processing units, and the processor 701 may integrate an application processor and a modem processor, wherein the application processor mainly processes the operating system, user interface, application programs, etc., and the modem The modulation processor mainly handles wireless communication. It can be understood that, the above-mentioned modulation and demodulation processor may also not be integrated into the processor 701 . In some embodiments, the processor 701 and the memory 702 may be implemented on the same chip, and in some embodiments, they may be implemented separately on separate chips.

处理器701可以是通用处理器，例如中央处理器(CPU)、数字信号处理器、专用集成电路(Application Specific Integrated Circuit，ASIC)、现场可编程门阵列或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件，可以实现或者执行本申请实施例中公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者任何常规的处理器等。结合本申请实施例所公开的方法的步骤可以直接体现为硬件处理器执行完成，或者用处理器中的硬件及软件模块组合执行完成。The processor 701 may be a general-purpose processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (ASIC), a field programmable gate array or other programmable logic devices, discrete gates or transistors Logic devices and discrete hardware components can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of this application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the methods disclosed in conjunction with the embodiments of the present application may be directly embodied as executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.

存储器702作为一种非易失性计算机可读存储介质，可用于存储非易失性软件程序、非易失性计算机可执行程序以及模块。存储器702可以包括至少一种类型的存储介质，例如可以包括闪存、硬盘、多媒体卡、卡型存储器、随机访问存储器(Random AccessMemory，RAM)、静态随机访问存储器(Static Random Access Memory，SRAM)、可编程只读存储器(Programmable Read Only Memory，PROM)、只读存储器(Read Only Memory，ROM)、带电可擦除可编程只读存储器(Electrically Erasable Programmable Read-Only Memory，EEPROM)、磁性存储器、磁盘、光盘等等。存储器702是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机设备存取的任何其他介质，但不限于此。本申请实施例中的存储器702还可以是电路或者其它任意能够实现存储功能的装置，用于存储程序指令和/或数据。As a non-volatile computer-readable storage medium, the memory 702 can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The memory 702 may include at least one type of storage medium, for example, may include a flash memory, a hard disk, a multimedia card, a card-type memory, a random access memory (Random Access Memory, RAM), a static random access memory (Static Random Access Memory, SRAM), a Programmable Read Only Memory (PROM), Read Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Magnetic Memory, Disk, CD and so on. Memory 702 is, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer device. The memory 702 in this embodiment of the present application may also be a circuit or any other device capable of implementing a storage function, for storing program instructions and/or data.

基于同一发明构思，本申请实施例提供了一种计算机可读存储介质，其存储有可由计算机设备执行的计算机程序，当程序在计算机设备上运行时，使得计算机设备执行上述生物信息识别方法的步骤。Based on the same inventive concept, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program that can be executed by a computer device, and when the program runs on the computer device, causes the computer device to execute the steps of the above-mentioned biometric information identification method .

本领域内的技术人员应明白，本发明的实施例可提供为方法、或计算机程序产品。因此，本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且，本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, or as a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器，使得通过计算机设备或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer device or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

这些计算机程序指令也可存储在能引导计算机设备或其他可编程数据处理设备以特定方式工作的计算机可读存储器中，使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品，该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions may also be stored in a computer readable memory capable of directing a computer apparatus or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer readable memory result in an article of manufacture comprising instruction means, the The instruction means implement the functions specified in the flow or flow of the flowcharts and/or the block or blocks of the block diagrams.

这些计算机程序指令也可装载到计算机设备或其他可编程数据处理设备上，使得在计算机设备或其他可编程设备上执行一系列操作步骤以产生计算机设备实现的处理，从而在计算机设备或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded on a computer device or other programmable data processing device, such that a series of operational steps are performed on the computer device or other programmable device to produce a computer device implemented process, thereby executing the computer device or other programmable device. The instructions executing on the device provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the blocks or blocks of the block diagrams.

尽管已描述了本发明的优选实施例，但本领域内的技术人员一旦得知了基本创造性概念，则可对这些实施例作出另外的变更和修改。所以，所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。Although preferred embodiments of the present invention have been described, additional changes and modifications to these embodiments may occur to those skilled in the art once the basic inventive concepts are known. Therefore, the appended claims are intended to be construed to include the preferred embodiment and all changes and modifications that fall within the scope of the present invention.

显然，本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样，倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内，则本发明也意图包含这些改动和变型在内。It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit and scope of the invention. Thus, provided that these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these modifications and variations.

Claims

1. A biological information identification method applied to each identification platform in a secure computing system is characterized by comprising the following steps:

acquiring a target characteristic vector of biological information to be identified, and acquiring a local characteristic vector fragment corresponding to at least one reference biological identifier from a vector fragment library;

for each reference biological identifier, determining a characteristic distance between a corresponding local characteristic vector fragment and the target characteristic vector, sending the target characteristic vector to at least one other recognition platform storing corresponding other characteristic vector fragments, and receiving the characteristic distance between the target characteristic vector sent by the at least one other recognition platform and the stored other characteristic vector fragments;

and determining the identification result of the biological information to be identified based on the obtained plurality of characteristic distances.

2. The method of claim 1, wherein before obtaining the target feature vector of the biometric information to be identified, the method further comprises:

acquiring reference biological information corresponding to each reference biological identifier, and performing feature extraction on the reference biological information to acquire a reference feature vector;

dividing the reference feature vector into a plurality of feature vector slices;

and taking one of the feature vector fragments as a local feature vector fragment for storage, and respectively sending at least one other feature vector fragment of the feature vector fragments to other corresponding identification platforms for storage.

3. The method of claim 2, further comprising:

acquiring equipment information of a plurality of identification platforms for storing the plurality of feature vector fragments;

saving the reference biometric identifier and device information for the plurality of recognition platforms;

and for each other recognition platform, sending the reference biological identification and the device information of the plurality of recognition platforms to the other recognition platforms for storage.

4. The method of claim 2, wherein the plurality of feature vector tiles are in plaintext form or homomorphically encrypted feature vector tiles, and the target feature vector is in plaintext form or homomorphically encrypted feature vector.

5. The method of claim 2, wherein the biometric information to be recognized corresponds to a target biometric identifier;

the obtaining of local feature vector patches corresponding to at least one reference biometric identifier from a vector patch library includes:

and acquiring a local feature vector fragment corresponding to a reference biological identifier matched with the target biological identifier from the vector fragment library.

6. The method of claim 5, wherein the determining the recognition result of the biometric information to be recognized based on the obtained plurality of feature distances comprises:

determining a target feature distance between the target feature vector and a reference feature vector corresponding to the one reference biometric identifier based on the obtained plurality of feature distances;

if the target characteristic distance is smaller than a distance threshold, determining that the identification result of the biological information to be identified is passed through verification;

and if the target characteristic distance is greater than or equal to the distance threshold, determining that the identification result of the biological information to be identified is not verified.

7. The method of claim 6, wherein the determining the target feature distance between the target feature vector and the reference feature vector corresponding to the one reference biometric identifier based on the obtained plurality of feature distances comprises:

performing homomorphic addition operation on the obtained multiple characteristic distances to obtain candidate characteristic distances between the target characteristic vector and a reference characteristic vector corresponding to the reference biological identifier;

and decrypting the candidate characteristic distance by adopting a homomorphic encryption private key to obtain the target characteristic distance.

8. The method of claim 1, wherein the vector shard library includes local feature vector shards corresponding to respective ones of a plurality of reference biometric identifiers;

and obtaining local feature vector fragments corresponding to the plurality of reference biological identifiers from the vector fragment library.

9. The method of claim 8, wherein the determining the recognition result of the biometric information to be recognized based on the obtained plurality of feature distances comprises:

for each of the plurality of reference biometrics, determining a target feature distance between the target feature vector and a reference feature vector corresponding to the reference biometrics, based on a plurality of feature distances associated with the reference biometrics;

determining a minimum feature distance from the obtained plurality of target feature distances;

if the minimum characteristic distance is smaller than a distance threshold, determining that the identification result of the biological information to be identified is passed through verification;

and if the minimum characteristic distance is larger than or equal to the distance threshold, determining that the identification result of the biological information to be identified is not verified.

10. A biometric information recognition apparatus for use in each recognition platform of a secure computing system, comprising:

the acquisition module comprises a target characteristic vector for acquiring biological information to be identified and a local characteristic vector fragment corresponding to at least one reference biological identifier from a vector fragment library;

the processing module is used for determining a characteristic distance between the corresponding local characteristic vector fragment and the target characteristic vector for each reference biological identifier, sending the target characteristic vector to at least one other recognition platform storing corresponding other characteristic vector fragments, and receiving the characteristic distance between the target characteristic vector sent by the at least one other recognition platform and the stored other characteristic vector fragments;

and the identification module is used for determining the identification result of the biological information to be identified based on the obtained characteristic distances.

11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any one of claims 1 to 9 are performed when the program is executed by the processor.

12. A computer-readable storage medium, having stored thereon a computer program executable by a computer device, for causing the computer device to perform the steps of the method of any one of claims 1 to 9, when the program is run on the computer device.