Patent Application
20210073396
The present invention generally relates to image embeddings and, more specifically, the for storage and querying of secure image embeddings.
Digital images are used in a variety of different applications, such as for facial recognition, security applications, image search, etc. The ability to securely store and/or search across such images is becoming increasingly important.
Systems and methods for secure image embeddings in accordance with embodiments of the invention are illustrated. One embodiment includes a method for storing image embedding data. The method includes steps for generating an image embedding vector, performing a set of one or more obfuscation methods on the generated image embedding vector to generate an obfuscated image embedding, and storing the obfuscated image embedding vector.
In a further embodiment, the set of obfuscation methods includes reordering elements of the image embedding vector.
In still another embodiment, reordering the elements of the image embedding vector comprises identifying an offset value, and rearranging a first and second portion of the image embedding vector based on the offset value.
In a still further embodiment, the offset value is encrypted, wherein reordering the image embedding vector further includes decrypting the offset value.
In yet another embodiment, the set of obfuscation methods includes obfuscating elements of the image embedding vector using an obfuscation vector.
In a yet further embodiment, obfuscating the elements includes performing an operation on elements of the image embedding vector based on elements of the obfuscation vector.
In another additional embodiment, the operation includes one of multiplication, division, addition, and subtraction.
In a further additional embodiment, the set of obfuscation methods includes padding the image embedding vector.
In another embodiment again, padding the image embedding vector includes inserting random values into the image embedding vector.
In a further embodiment again, the method further includes steps for identifying an operation order, wherein performing the set of obfuscation methods includes performing a plurality of obfuscation methods in the operation order.
Additional embodiments and features are set forth in part in the description that follows, and in part will become apparent to those skilled in the art upon examination of the specification or may be learned by the practice of the invention. A further understanding of the nature and advantages of the present invention may be realized by reference to the remaining portions of the specification and the drawings, which forms a part of this disclosure.
The description and claims will be more fully understood with reference to the following figures and data graphs, which are presented as exemplary embodiments of the invention and should not be construed as a complete recitation of the scope of the invention.
Turning now to the drawings, systems and methods for generating secure image embeddings (also referred to as image vectors or feature vectors) are described below. In many embodiments, securing image embeddings allow for the secure storage and retrieval of information such as (but not limited to) images, personal information, and account data. In many embodiments, the storage and querying based on secure image embeddings allows for the storage of secure embeddings based on an initial target image and querying against the secure embeddings based on subsequent query images. The storage of secure image embeddings can allow for the storage of information without any identifying information, such as a name or user identification.
In a number of embodiments, secure image embeddings can be used across multiple data managers, where each data manager maintains a separate obfuscation key (or a set of one or more obfuscation methods) for obfuscating all of the image embeddings stored by the data manager. Separate obfuscation keys can hinder attacks between data managers because compromising a first data manager, whether at a client or at a server, doesn't compromise the secured image embeddings for a second data manager.
In many embodiments, secure image embeddings allow a user to maintain their privacy. In some cases, attacks on a system can allow an attacker to gather information about a user's images based on image vectors generated by the system. By securing the image vectors, whether in transit and/or in storage, the secured image vectors can help to hinder attacks based on unobfuscated feature vectors.
Secure image embeddings in accordance with several embodiments of the invention allow for the secured querying of a database for a variety of purposes, such as (but not limited to) performing an image search for similar images, authenticating a user based on images of the user, and/or retrieving personal information for a user.
Image embeddings in accordance with many embodiments of the invention can specify features of an image across multiple dimensions. In some embodiments, image embeddings can identify a point in multi-dimensional space, allowing for a query to be run based on the nearness of an image embedding with a target image embedding within the multi-dimensional space. For example, in certain embodiments image embeddings include feature vectors of a user's face, and the results of a query are identified based on the nearness of a query vector with a target vector. Nearness between vectors can be measured in a variety of ways such as (but not limited to) a Euclidean (L2) distances. As can readily be appreciated, any of a variety of distance metrics can be utilized to determine the distance between two multi-dimensional feature vectors in feature space as appropriate to the requirements of a specific application in accordance with various embodiments of the invention.
Secure Image Embedding System
A system for securing image embeddings in accordance with some embodiments of the invention is illustrated in
Users may use personal devices 180 and 120 that connect to the network 160 to perform processes for capturing images (or video), securing image embeddings, and/or retrieving information based on secured image embeddings with various embodiments of the invention. In the illustrated embodiment, the personal devices 180 are shown as desktop computers that are connected via a conventional “wired” connection to the network 160. However, the personal device 180 may be a desktop computer, a laptop computer, a smart television, an entertainment gaming console, or any other device that connects to the network 160 via a “wired” and/or “wireless” connection. Personal devices in accordance with many embodiments of the invention include an image capture device (e.g., webcam, camera, etc.) for recording images to be used for storing and/or retrieving secured image embeddings. Image capture devices in accordance with certain embodiments of the invention include a set of one or more image capture devices that can be used to capture video data of a user in motion. Given a single-camera or a multi-camera data collection setting, systems in accordance with a number of embodiments of the invention can use artificial neural networks (such as, but not limited to, convolutional neural networks) for extracting image embeddings from one or more images.
The mobile device 120 connects to network 160 using a wireless connection. A wireless connection is a connection that uses Radio Frequency (RF) signals, Infrared signals, or any other form of wireless signaling to connect to the network 160. In
Secure Image Embedding Element
An example of a secure image embedding element in accordance with an embodiment of the invention is illustrated in
Secure image embedding element 200 includes a processor 205, image capture device 210, network interface 215, and memory 220. One skilled in the art will recognize that a particular image processing element may include other components that are omitted for brevity without departing from this invention. The processor 205 can include (but is not limited to) a processor, microprocessor, controller, or a combination of processors, microprocessor, and/or controllers that performs instructions stored in the memory 220 to manipulate data stored in the memory. Processor instructions can configure the processor 205 to perform processes in accordance with certain embodiments of the invention. Image capture device 210 can capture and/or retrieve images for the motion evaluation element. Image capture devices can include (but are not limited to) cameras and other sensors that can capture image data of a scene. Network interface 215 allows secure image embedding element 200 to transmit and receive data over a network based upon the instructions performed by processor 205.
Memory 220 includes a secure image embedding application 225, secure image embeddings 230, and model parameters 235. Secure image embedding applications in accordance with several embodiments of the invention are used to generate secure image embeddings based on a model trained using model parameters and/or weights to generate image embeddings from a set of one or more images.
Although a specific example of a secure image embedding element 200 is illustrated in
Secure Image Embedding Application
A secure image embedding application in accordance with a number of embodiments of the invention is illustrated in
Image embedding engines in accordance with many embodiments of the invention are for generating image embeddings (e.g., feature vectors) that represent features of an image. Image embedding engines in accordance with certain embodiments of the invention apply one or more machine learning models (such as, but not limited to convolutional neural networks) to identify features from a set of images. In many embodiments, machine learning models can be trained to classify the identities of faces found in images, training the models to identify features that are useful for distinguishing between different individuals. The images can include a target set of images that can be used to match against future searches and/or a query set of images that can be used to search against a database of target image embeddings.
Embedding obfuscation engines in accordance with several embodiments of the invention can be used to obfuscate the generated image embeddings to secure the storage of such image embeddings and/or the querying of a datasource of secure image embeddings from target images based on a set of one or more query images. In some embodiments, obfuscation engines can be implemented using one or more methods, such as (but not limited to) matrix multiplication and vector padding.
In various embodiments, embedding obfuscation engines are also used for reverting some or all of the obfuscations performed on a secured image embedding. For example, embedding obfuscation engines in accordance with a number of embodiments of the invention can remove padded elements from a secured image vector, prior to storage or querying, while maintaining the reordered or masked values of the secure image embedding. In this manner, an image embedding can be provided by a client using additional transport security by using a shared secret (e.g., the location of the true values of the image embedding) with a server, while also maintaining the security of the image embeddings through the remaining obfuscations (e.g., reordering and/or masking of elements), even if the server itself is compromised.
Storage engines in accordance with several embodiments of the invention can be used to store obfuscated vectors in a storage for future retrieval or searching. In many embodiments, the storage engines communicate over a network to store secured image embeddings remotely, such as (but not limited to) at a server and/or cloud service.
In a number of embodiments, query engines can use obfuscated image embeddings of a query image to query against a database of secured image embeddings of target images. Query engines in accordance with some embodiments of the invention provide the queried results for a user. Queried results can include a number of nearest matches (e.g., in the case of a related image search) or may only return a result when the nearest match is within a particular threshold, such as in the case of user authentication.
Although a specific example of a secure image embedding application is illustrated in
Methods for Secure Image Embedding
A process for securing image embeddings in accordance with a number of embodiments of the invention is described with reference to
Process 400 performs (410) vector obfuscation on the generated image embedding vector. Vector obfuscation in accordance with many embodiments of the invention can include (but is not limited to) reordering elements of the vector, masking elements of the vector, and/or increasing the length of the vector with pad elements. Vector obfuscation is described in greater detail below with reference to
Process 400 stores (415) the obfuscated image embedding vectors. In some embodiments, image embedding vectors are stored in a database with an identity such as (but not limited to) a name, social security number, and/or customer number for later retrieval. Obfuscated image embedding vectors in accordance with certain embodiments are created at a client device and stored at a set of servers. In some embodiments, obfuscated image embedding vectors are stored as part of a registration process for registering users within a system.
Once secured image embeddings have been stored, processes in accordance with a number of embodiments of the invention can search for a secured image embedding based on either the same image or based on a similar image. A process for searching secured image embeddings is described with reference to
Process 500 performs (510) vector obfuscation on the generated image embedding vector. Vector obfuscation in accordance with many embodiments of the invention can include (but is not limited to) reordering elements of the vector, masking elements of the vector, and/or increasing the length of the vector with pad elements. Vector obfuscation is described in greater detail below with reference to
Process 500 queries (515) a datasource using the obfuscated image embedding vectors. In some embodiments, image embedding vectors are used as an index for retrieving information stored in a database such as (but not limited to) a name, social security number, and/or customer number for later retrieval.
Process 500 receives (520) results based on the query. In some embodiments, the received results can include a number of nearest matches (e.g., in the case of a related image search) or may only return a result when the nearest match is within a particular threshold, such as in the case of user authentication.
For example, in accordance with many embodiments of the invention methods for securing face embeddings while maintaining searchability may include receiving a request from a computing device to search a database of known identities based on an image and using a deep neural network to convert the image to a 128-1024 dimension vector of numbers. Methods can further include using a first secret key to obscure the original values for each dimension of the vector, using a second secret key to randomize the order of the numbers in the vector, and/or using a third secret key to pad the resulting vector with random variables to a determined length. Methods can include using the transformed vector to search a database of known identities by calculating the distance between the newly created vector and the vectors stored in a database, and returning the stored vector that is the closest match to the new set as a match.
Methods in accordance with some embodiments of the invention can be used to help prevent several common attacks. First, secured image embeddings can prevent embeddings from one data manager's database from being inserted into the database of a second data manager's database. Second, they can prevent a brute force attack where an attacker uses a known image of person to find the face embeddings in an identity database of a data manager. Third, they can prevent an attacker from changing the face embeddings of person A to match person B.
In various embodiments, secure image embedding processes can operate on any of a variety of devices (such as (but not limited to) servers, client devices, mobile devices, and cloud services). Processes in accordance with some embodiments of the invention can be distributed across multiple devices at multiple points in the process. For example, in accordance with some embodiments of the invention image embeddings are obfuscated using a first obfuscation key specific to a data manager and a different, second obfuscation key specific to a service provider, allowing data to remain searchable, but still providing protection in the case that either the service provider or the data manager are compromised.
Image Embedding Obfuscation
Image embedding vectors can be obfuscated in a variety of different manners in accordance with many embodiments of the invention. In some embodiments, image embedding obfuscations can include (but are not limited to) one or more of reordering of the elements, masking of the elements, and/or inserting dummy elements into the image embedding.
An example of reordering an image embedding is illustrated in
In some embodiments, image embeddings can be reordered based on an offset value. In certain embodiments, offset values represent an offset that was used in storing a vector. For example, with a vector [0-511], an offset value of 255 can represent that the vector has been stored as [256-511, 0-255]. A vector with an offset value of 128 may be stored as [128-511, 0-127]. In some such embodiments, the vector can be viewed as a circle or chain of numbers, where the way that the vector is stored depends on the offset value stored with the vector (e.g., {offset value},{face embedding vector}). Offset values in accordance with some embodiments of the invention can be generated in a variety of ways, such as (but not limited to) random number generation. Offset values in accordance with many embodiments of the invention can be encrypted values, where the offset value is encrypted in any of a variety of ways including (but not limited to) a 256-bit advanced encryption standard (AES) cipher. In several embodiments, offset values can be used with various elements including (but not limited to) image embeddings, order vectors, obfuscation vectors, etc.
An example of masking elements of an image embedding is illustrated in
An example of inserting dummy elements into the image embedding is illustrated in
Another example of an obfuscated image embedding is illustrated in
Although a specific examples of image embedding obfuscations are illustrated in
The securing of image embeddings can have many different applications in various industries. For example, secure image embeddings can be used for authentication of users, in which images or video of a user can be used to authenticate a user's identity based on a previously stored, secure facial embedding. Secure image embeddings in accordance with various embodiments of the invention can also be used to secure the transfer of facial embedding information without exposing the data directly.
Although specific methods of securing image embeddings are discussed above, many different methods can be implemented in accordance with many different embodiments of the invention. It is therefore to be understood that the present invention may be practiced in ways other than specifically described, without departing from the scope and spirit of the present invention. Thus, embodiments of the present invention should be considered in all respects as illustrative and not restrictive. Accordingly, the scope of the invention should be determined not by the embodiments illustrated, but by the appended claims and their equivalents.
The current application claims priority to U.S. Provisional Patent Application No. 62/896,451, filed Sep. 5, 2019, the disclosure of which is hereby incorporated by reference in its entirety.
| Number | Date | Country | |
|---|---|---|---|
| 62896451 | Sep 2019 | US |
