Face image desensitization method and device
By generating adaptive encrypted QR codes, the problem of balancing privacy protection and data utilization in facial recognition technology is solved, achieving strong desensitization and reversible traceability at the visual level, which is suitable for scenarios such as judicial evidence collection and emergency investigation.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XFUSION DIGITAL TECH CO LTD
- Filing Date
- 2026-02-09
- Publication Date
- 2026-06-19
AI Technical Summary
Existing facial recognition technology struggles to balance privacy protection and data value utilization, especially as it is susceptible to interference when generating QR codes, resulting in insufficient accuracy and practicality for identity tracing.
By acquiring the feature vector of the face region, an adaptively covered encrypted QR code is generated. Combined with national cryptographic algorithms, data security and visual identification are ensured, realizing a reversible traceability channel.
While protecting user privacy, it provides a reliable identity tracing channel, applicable to scenarios such as judicial evidence collection and emergency investigation, thus improving the system's robustness and accuracy.
Smart Images

Figure CN122243710A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of image processing technology, and in particular to a method and apparatus for desensitizing human face images. Background Technology
[0002] With the widespread application of facial recognition technology in public safety, commercial services, and other fields, the conflict between privacy protection and compliant use of massive amounts of facial images during their transfer is becoming increasingly prominent. As sensitive personal information, the direct use of facial images without anonymization poses a risk of leakage. Therefore, it is urgent to achieve a balance between privacy protection and the utilization of data value while meeting the requirements of laws and regulations such as the Personal Information Protection Law.
[0003] In related technologies, facial anonymization techniques are mainly divided into two categories: irreversible processing based on visual occlusion (such as Gaussian blurring and pixelation) and virtual face replacement based on generative AI (artificial intelligence). These technologies encode facial features into QR codes and then cover them to achieve traceable anonymization that is "readable despite occlusion." However, in practical applications, the QR codes generated by these methods are easily interfered with, severely limiting the accuracy and practicality of identity tracing and making it difficult to meet the needs of high-reliability scenarios. Summary of the Invention
[0004] This application provides a method and device for de-identifying facial images, which can effectively protect user privacy while providing a traceability channel for recovering identity information after authorization.
[0005] According to a first aspect of the embodiments of this application, a method for desensitizing facial images is provided, the method comprising:
[0006] Acquire an image containing faces and detect face regions within the image. Obtain the privacy coverage information selected by the user, and extract the first feature vector of the face region covered by the privacy coverage information; Based on the first feature vector, a QR code is generated so that the QR code contains the facial features of the face region covered by the privacy coverage information. The QR code is adaptively overlaid onto the user-selected privacy coverage area in the face region, and an anonymized image is output.
[0007] This scheme optimizes storage performance by generating QR codes with low data redundancy and high visual adaptability. Since the "first feature vector" originates only from the user's occluded area, its data dimension (size) is typically smaller than that of a complete full-face feature vector. Subsequent processing (such as encryption and encoding) of the smaller feature vector generates even smaller data. Therefore, higher error correction and tolerance are achieved within the same QR code size. This allows the generated QR code to: more flexibly adapt to user-selected, potentially small, privacy-covering areas, improve QR code generation quality, avoid image information redundancy, and improve information storage performance. By extracting the first feature vector from the face region based on the user-selected privacy-covering area, and by adaptively covering the QR code according to the user-selected privacy-covering area, this solves the problem in related technologies of not being able to provide a reversible traceability channel while effectively protecting privacy. While achieving strong visual desensitization, the encrypted QR code retains identity features that can identify the user, making authorized identity tracing possible. This makes it applicable to scenarios requiring post-event identity tracing, such as judicial evidence collection and emergency investigations.
[0008] In one possible implementation, a QR code is generated based on the first feature vector, including: At least the first feature vector is encrypted to generate encrypted data, and a QR code is generated based on the encrypted data.
[0009] This embodiment combines the security of encrypted data with the visual and machine-readable characteristics of QR codes by encrypting the extracted facial feature vector using national cryptographic algorithms and then encoding it into a QR code. This allows the QR code to cover the facial area in an intuitive and reliable visual desensitization manner, while ensuring that the hidden identity information is protected by strong cryptographic technology and can be restored through authorized decryption.
[0010] In one possible implementation, prior to encrypting at least the first feature vector and generating the encrypted data, the following steps are also included: The privacy coverage information is concatenated with the first feature vector to form fused data; At least the first feature vector is encrypted to generate encrypted data, including: The merged data is encrypted to generate encrypted data.
[0011] This embodiment generates encrypted data by encrypting the fused data. Specifically, a specified encryption algorithm (such as the SM4 national cryptographic algorithm) can be used to encrypt the fused data formed in the aforementioned steps. This operation ensures that facial features and the user's privacy preferences are jointly encrypted and protected.
[0012] In one possible implementation, the privacy coverage information is concatenated with the first feature vector to form fused data, including: Compress privacy coverage information into data of the target bit length; The compressed privacy coverage data is concatenated with the first feature vector to form fused data.
[0013] By concatenating the compressed privacy coverage data with the first feature vector extracted from the face region (e.g., a 512-dimensional floating-point vector), a complete fused data set containing "identity features + masking rules" is formed. This fused data serves as the sole object for subsequent encryption operations, ensuring that the user's privacy preferences are tightly bound to their biometric information and jointly protected by national cryptographic algorithms. This lays the data foundation for accurate comparison during subsequent authorization and tracing, enabling the simultaneous recovery of both original features and coverage information.
[0014] In one possible implementation, a QR code is generated based on encrypted data, including: Encode the encrypted data to obtain encoded data; The error correction level of the QR code is adaptively selected based on the coverage area determined by the privacy coverage information. A QR code is generated based on the error correction level and the encoding data.
[0015] This solution ensures format compatibility by encoding encrypted data and adaptively selects the QR code error correction level based on the area of the privacy coverage region. It achieves reliable QR code reading by improving error correction capabilities under limited coverage area, and finally generates a QR code that accurately matches the visually obscured area and has high robustness. It effectively solves the problem of QR code damage and difficulty in recognition caused by the size limitation of the coverage area, and provides a reliable technical guarantee for reversible traceability.
[0016] In one possible implementation, the QR code is adaptively overlaid onto a user-selected privacy coverage area within the face region, including: Calculate the perspective transformation matrix based on facial key points; A perspective transformation matrix is used to perform a geometric transformation on the QR code, which is then used to adapt to the current pose and scale of the human face. The transformed QR code is overlaid onto the user-selected privacy coverage area within the face region.
[0017] This solution utilizes the aforementioned perspective transformation technology based on facial key points to ensure that QR codes can adapt to diverse facial postures and scale variations. This guarantees the integrity and naturalness of the visual desensitization effect while fundamentally avoiding issues such as incomplete coverage or excessive QR code deformation leading to unreadable results due to posture changes. This significantly improves the practicality and reliability of the technology in real-world, complex scenarios.
[0018] In one possible implementation, a QR code is generated based on the first feature vector, including: The size of the QR code to be generated is determined based on the size of the privacy coverage area; wherein, the size of the QR code is larger than the size of the privacy coverage area. A QR code is generated based on the first feature vector and the size of the QR code.
[0019] This embodiment addresses the risk of incomplete coverage caused by minor deviations in face pose estimation, differences in image resolution, or edge processing during coverage by proactively adapting the QR code size to be slightly larger than the target coverage area, thus ensuring thorough visual desensitization. Furthermore, since the size is pre-calculated based on actual coverage requirements, it avoids the resource waste (too large) or insufficient coverage (too small) issues that may arise from using fixed-size QR codes.
[0020] In one possible implementation, the method further includes: When identity verification is required, the QR code is read from the de-identified image; Process the QR code to obtain the first feature vector; Extracting facial features outside the privacy coverage area from desensitized images; Based on the first feature vector and the facial feature vector outside the privacy coverage area, the features are compared with the facial features to be verified to generate a comparison result for identity tracing.
[0021] This embodiment constructs a dual-channel authentication mechanism by collaboratively extracting features from two independent sources: encrypted QR codes and the visible portions of de-identified images. This method significantly improves the robustness and accuracy of the traceability system: on the one hand, the encrypted QR code ensures the authenticity and tamper-proof nature of core identity features; on the other hand, the residual visible information in the de-identified image provides additional feature supplementation and cross-validation. This design allows the system to perform effective comparisons based on partial information even in extreme cases (such as partial damage to the QR code), enhancing the overall fault tolerance and reliability of the solution, making it suitable for identity tracing scenarios with extremely high security requirements.
[0022] In one possible implementation, the method further includes: When a user requests an update to the privacy coverage for an anonymized image, the updated privacy coverage is obtained. Based on the first feature vector and the updated privacy coverage, the QR code is updated, and the de-identified image is regenerated based on the updated QR code.
[0023] The dynamic update mechanism provided by this solution grants users continuous and flexible privacy control, enabling the solution to adapt to users' dynamically changing privacy needs in different scenarios. Furthermore, because the benchmark used for comparison—the original first feature vector—remains unchanged, updating the masking range will not affect the logical consistency and comparison accuracy of tracing based on historical encrypted data. In addition, the entire update process is computationally lightweight, eliminating the need for repetitive, costly feature extraction; only the encryption and encoding processes need to be re-executed. This makes the function ideal for real-time operation on edge devices with limited computing resources (such as robots), greatly enhancing the practicality and user-friendliness of the solution.
[0024] According to a second aspect of the embodiments of this application, a face image desensitization device is provided, the device comprising: The image acquisition and processing module is used to acquire images containing human faces and to detect face regions in the images to be processed. The feature extraction module is used to obtain the privacy coverage information selected by the user and extract the first feature vector of the face region covered by the privacy coverage information. The encoding module is used to generate a QR code based on the first feature vector, so that the QR code contains facial features of the face region covered by the privacy coverage information. The desensitized image output module is used to adaptively overlay the QR code onto the user-selected privacy coverage area in the face region and output a desensitized image.
[0025] According to a third aspect of the embodiments of this application, a computing device is provided. The computing device includes a memory and a processor, the memory storing a computer program, and the processor executing the program to implement the method as described above.
[0026] According to a fourth aspect of the embodiments of this application, a computer-readable storage medium is provided, on which a computer program is stored, which, when executed by a processor, implements the methods described in the embodiments of this application.
[0027] According to a fifth aspect of the embodiments of this application, a computer program product is provided, including a computer program that, when executed by a processor, implements the methods described above in the embodiments of this application. Attached Figure Description
[0028] More details, features, and advantages of embodiments of the present application are disclosed in the following description of exemplary embodiments in conjunction with the accompanying drawings, in which: Figure 1A schematic diagram of the system architecture provided for an exemplary embodiment of this application; Figure 2 A flowchart of a face image desensitization method provided as an exemplary embodiment of this application; Figure 3 A schematic block diagram of the functional modules of a face image desensitization device provided in an exemplary embodiment of this application; Figure 4 A structural block diagram of a server provided for an exemplary embodiment of this application. Detailed Implementation
[0029] Embodiments of this application will now be described in more detail with reference to the accompanying drawings. While some embodiments of this application are shown in the drawings, it should be understood that embodiments of this application can be implemented in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided to provide a more thorough and complete understanding of the embodiments of this application. It should be understood that the accompanying drawings and embodiments of this application are for illustrative purposes only and are not intended to limit the scope of protection of this application.
[0030] It should be understood that the various steps described in the method implementation of this application may be performed in different orders and / or in parallel. Furthermore, the method implementation may include additional steps and / or omit the steps shown. The scope of this application is not limited in this respect.
[0031] The term "comprising" and its variations as used herein are open-ended, meaning "including but not limited to". The term "based on" means "at least partially based on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Definitions of other terms will be given in the following description. It should be noted that the concepts of "first", "second", etc., mentioned in the embodiments of this application are only used to distinguish different devices, modules, or units, and are not used to limit the order of functions performed by these devices, modules, or units or their interdependencies.
[0032] It should be noted that the terms "one" and "more" mentioned in the embodiments of this application are illustrative rather than restrictive. Those skilled in the art should understand that, unless otherwise expressly indicated in the context, they should be understood as "one or more".
[0033] The names of the messages or information exchanged between multiple devices in the embodiments of this application are for illustrative purposes only and are not intended to limit the scope of these messages or information.
[0034] As an optional but non-limiting implementation, in response to a user's active request, sending a prompt message to the user can be done via a pop-up window, where the prompt message can be presented in text format. Furthermore, the pop-up window can also include a selection control allowing the user to choose "agree" or "disagree" to provide personal information to the electronic device. It is understood that the above notification and user authorization process is merely illustrative and does not constitute a limitation on the implementation of this application's embodiments. Other methods that comply with relevant laws and regulations can also be applied to the implementation of this application's embodiments.
[0035] like Figure 1 As shown, Figure 1 This is a schematic diagram of the system architecture provided in the embodiments of this application. The system may include a computing device 10, which may specifically include a terminal or a server. The embodiments are described with the computing device 10 specifically being a terminal as an example. It should be noted that the system architecture may also adopt a collaborative mode of terminal and server, and the embodiments are not limited thereto.
[0036] In this embodiment, the computing device 10 may include: The image acquisition and processing module 11 is used to acquire an image to be processed containing a human face and to detect the human face region in the image to be processed.
[0037] In this embodiment, the image acquisition and processing module 11 can capture images within its field of view in real time. When a face appears in the image, the built-in face detection algorithm can automatically locate the face region in the image and further identify key points of the face (such as the positions of the eyes, nose, and corners of the mouth).
[0038] The feature extraction and fusion module 12 is used to extract the facial feature vector of the face region and obtain the privacy coverage information selected by the user, and extract the first feature vector of the face region based on the privacy coverage information.
[0039] In this embodiment, after successfully detecting a face, a privacy settings interface can pop up on the interactive screen of the computing device, possibly accompanied by voice prompts to guide the user in making selections. This interactive interface provides the user with a variety of preset masking templates, specifically including: Light occlusion: Only covers the most sensitive core areas such as the eyes.
[0040] Moderate occlusion: Covers the upper part of the face, including the eyes and nose.
[0041] Heavy masking: Covers almost the entire face area.
[0042] In addition, the interface also offers a custom area selection function, allowing users to manually draw any shape of the obscuring area via touch screen for more precise privacy control.
[0043] To balance interaction efficiency and privacy protection, an automatic timeout selection mechanism can be set up: if the user does not perform any operation within a preset time (e.g., 5 seconds), a moderate masking mode will be automatically enabled as the default. This design ensures that even without user interaction or if the user does not wish to select the mode, the implementation can still perform de-identification processing that complies with general privacy standards.
[0044] After the user selects (or the system defaults to) the privacy coverage area, this module can use a deep learning model (such as ArcFace) to extract a uniquely identifiable 512-dimensional facial feature vector from the located face region. Simultaneously, it compresses the user-selected occlusion range information (i.e., the coordinate parameters of the selected template or custom region) into a compact 16-bit data segment. Subsequently, the facial feature vector and the compressed coverage range information are concatenated and fused to form a complete data volume containing "identity features + occlusion rules".
[0045] The encryption and encoding module 13 is used to encrypt the fused data using the national cryptographic algorithm to generate encrypted data, and then encode the encrypted data to generate a QR code.
[0046] In this embodiment, to ensure data security and compliance, the module can encrypt the fused data generated in the aforementioned steps using the SM4 national cryptographic algorithm recognized by the State Cryptography Administration. SM4 is a block symmetric cryptographic algorithm with high security strength and computational efficiency. The encryption process uses a pre-allocated key to convert the fused data (i.e., the "identity features + masking rules" data body) into an unreadable encrypted data string. This fundamentally prevents the original facial features and user privacy preferences from being maliciously intercepted and cracked during transmission or storage, meeting the encryption requirements for personal information processing stipulated in regulations such as the Data Security Law.
[0047] This module performs Base64 encoding on the encrypted binary data string (encrypted data), converting it into a string composed of ASCII characters. This aims to transform the binary data into a standard text format conforming to QR code encoding specifications, preparing it for QR code generation.
[0048] It should be noted that the QR code generation in this embodiment does not use fixed parameters, but rather intelligently adapts to the privacy coverage area selected by the user. The error correction level of the QR code is adaptively selected based on the calculated pixel area of the selected coverage region in the image.
[0049] Error correction levels typically include: Low (L), Medium (M), Qualitative (Q), and High (H). Specifically, in QR code error correction, the four levels, ranked from lowest to highest error correction capability, are: Low (L): approximately 7% data recovery; Medium (M): approximately 15% data recovery; Qualitative (Q): approximately 25% data recovery; High (H): approximately 30% data recovery.
[0050] The selection strategy is as follows: the smaller the coverage area, the smaller the generated QR code size; to ensure reliable reading of the QR code within a limited size, a higher error correction level (such as Q-level or H-level) can be automatically selected to enhance its resistance to wear and occlusion. Conversely, if the coverage area is large and the QR code size is ample, a lower error correction level (such as L-level or M-level) can be selected to accommodate a more efficient data encoding density. Finally, by using a Base64-encoded string and the determined error correction level, a QR code image that matches the user-specified coverage area in terms of data capacity and visual size is generated.
[0051] The desensitized image output module 14 is used to adaptively overlay the QR code onto the privacy coverage area selected by the user in the face region based on the location of facial key points, and output a desensitized image.
[0052] For example, if a user wants to cover key areas of their face, such as the eyes or nose, using a QR code, the system can receive the user's selection of the facial area on the interface, obtain the user's selected privacy coverage area, and then cover the QR code onto that privacy coverage area.
[0053] It should be noted that, in the embodiments, "covering" refers to the change of pixel values. For example, when covering a QR code onto a privacy coverage area within a corresponding face region, the pixel values of each pixel in that privacy coverage area are modified or replaced with the pixel values of the QR code.
[0054] Specifically, the "overlay" process includes the following key image processing steps: (1) Target region localization and matting: Based on face detection and key point localization, the precise pixel coordinates of the privacy coverage area (i.e., the target region) selected by the user in the original image are first determined. This region is usually defined by a polygonal or rectangular mask.
[0055] (2) QR code image preprocessing: According to the coverage requirements, the generated QR code image is subjected to the corresponding perspective transformation so that its shape basically matches the outline of the target area. At the same time, the QR code image is usually processed into a foreground image with binary (black and white) or grayscale features.
[0056] (3) Pixel-level synthesis (overlay): The preprocessed QR code image is synthesized pixel-by-pixel with the original face image based on the coordinates of the target area. The standard processing mode is as follows: Full Coverage Mode: Within the target area, pixels from the QR code image directly replace the corresponding pixels in the original image. This mode ensures that the original information in the covered area is completely erased.
[0057] Blending Overlay Mode (Optional): To improve visual naturalness or meet specific needs, techniques such as alpha blending can be used to blend the QR code layer and the background (original face) layer to a certain degree of transparency. However, in the desensitization scenario provided in this application embodiment, to ensure privacy masking effect, a full overlay with 100% opacity is usually used.
[0058] Edge processing: To avoid jagged or abrupt transitions at the synthesized edges, anti-aliasing algorithms or feathering (such as using Gaussian blur to slightly soften the boundaries) can be applied to the boundaries of the covered area to make the transition between the QR code and the surrounding skin or background more natural. Meanwhile, reserving a buffer zone is also an important edge processing strategy to ensure the integrity of the coverage and the fault tolerance of the operation.
[0059] In this embodiment, to achieve a natural fusion of the QR code and the face region, a perspective transformation matrix can be calculated based on the located facial key points (such as the corners of the eyes, the tip of the nose, and the corners of the mouth). This matrix precisely describes the geometric mapping relationship between the standard, frontal QR code plane and the face target coverage area in the current image with a specific pose (such as slight tilt or side turn). The system uses this matrix to perform a perspective transformation on the generated QR code image, causing it to undergo corresponding deformation, thereby closely conforming to the actual curves and poses of the face, and accurately covering the privacy coverage area with the QR code.
[0060] In this embodiment, a narrow buffer zone can be reserved at the edge of the privacy coverage area during coverage. This effectively avoids the leakage of facial edge information due to factors such as QR code alignment errors or image compression, ensuring the thoroughness of visual desensitization.
[0061] After the overlay is complete, the module outputs a de-identified image containing a QR code. This image has directly hidden some visual information of the original face and can be used for: Local device functions: such as enabling the robot to navigate, avoid obstacles, or perform behavior analysis, without using the original human face image.
[0062] Restricted data flow: Displayed or circulated within commercial complexes for purposes such as passenger flow analysis, while also meeting privacy regulations.
[0063] At the same time, the encrypted fusion data (i.e., the "identity features + masking rules" data body encrypted with SM4) can be stored or synchronized. This encrypted data can be synchronized to the backend monitoring platform, supporting data value mining tasks such as customer flow statistics and repeat visit identification while fully protecting privacy, and providing a unique data foundation for identity tracing in authorized scenarios such as judicial evidence collection and emergency investigation.
[0064] The source tracing and comparison module 15 is used to read a QR code from a de-identified image when identity tracing is required, and to decode and decrypt the QR code to obtain feature vectors and privacy coverage information. Based on this feature vector and privacy coverage information, it is compared with the facial features to be verified to generate a comparison result for identity tracing.
[0065] In this embodiment, when it is necessary to trace the identity of specific individuals in authorized scenarios such as judicial evidence collection and emergency investigation, the following traceability comparison process can be initiated through this module to achieve reliable identity verification using the encrypted information embedded in the de-identified image: (1) Input of traceability information.
[0066] Authorized operators submit traceability requests on the regulatory platform. Three types of key information are required: Photo to be verified: A clear facial image of the candidate whose identity needs to be verified.
[0067] User desensitization key: The decryption key that is controlled by the user and corresponds to the encrypted data.
[0068] Desensitized images for the corresponding time period: previously generated desensitized facial images containing QR code overlays.
[0069] (2) QR code decoding and data decryption.
[0070] The implementation first uses a QR code recognition algorithm to read the QR code graphic in the de-identified image and decodes it to restore the Base64 encoded string. Then, the string is Base64 decoded to obtain the original encrypted data string. Using the user-provided de-identification key, the encrypted data string is decrypted using the SM4 national cryptographic algorithm. Upon successful decryption, the first feature vector extracted from the face region based on the user-selected privacy coverage information (masking area information) can be fully restored.
[0071] (3) Feature comparison and result output.
[0072] The second feature vector of the face is extracted from the photo to be verified based on privacy coverage information. Specifically, the similarity score between the two feature vectors in the effective dimension can be calculated using a cosine similarity algorithm. If the score exceeds a preset judgment threshold, the comparison result is output as TRUE (match); otherwise, FALSE (mismatch) is output, thereby enabling identity tracing.
[0073] (4) Operation record keeping and compliance audit.
[0074] To meet data security and operational compliance requirements, key metadata throughout the entire traceability and comparison process, including operator identity, operation time, de-identified image identifiers used, and comparison results (TRUE / FALSE), is encrypted and uploaded to an independent evidence storage system. This ensures that every traceability operation is traceable, forming a complete audit chain and complying with the traceability requirements of the Personal Information Protection Law and other regulations regarding the processing of sensitive biometric information.
[0075] The dynamic update module 16 is used to obtain the updated privacy coverage when it detects a user's request to update the privacy coverage for the above-mentioned de-identified image; and update the above-mentioned QR code based on the feature vector of the face and the updated privacy coverage, and regenerate the de-identified image based on the updated QR code.
[0076] In this embodiment, when a user reappears in front of a computing device (specifically, a certain type of terminal), after facial detection identifies the user as a previously registered user, the system can proactively prompt the user through an interactive interface: "We have detected that you have set up privacy masking. Do you need to adjust the current masking mode?"
[0077] If the user confirms the need for an update, the module will provide the same options (mild / medium / heavy / custom) as during the initial setup for the user to select again. It should be noted that this embodiment does not re-collect and extract facial features; instead, it directly calls the previously stored original facial feature vector bound to the user. This unchanged original feature vector is fused with the user's newly selected privacy coverage information, and then the same national cryptographic encryption (SM4) and QR code generation process as the initial processing is executed to generate a QR code representing the new privacy preferences.
[0078] At the same time, this module can mark old QR codes associated with a user as invalid in the background. This can be achieved by updating the user's valid version number on the server side or adding the old QR code ID to the invalidation list, thereby preventing old de-identified images from being used in subsequent traceability processes.
[0079] Ultimately, the module outputs an updated, de-identified image containing the new QR code for current and future use. This dynamic update mechanism ensures users have continuous and flexible control over their privacy; and because the benchmark used for comparison—the original facial feature vector—remains consistent, adjusting the obscuring area does not affect the logical correctness or comparison accuracy of tracing based on historical encrypted data. Furthermore, the entire update process is computationally lightweight, eliminating the need for repetitive, computationally expensive feature extraction, making it ideal for operation on terminals such as robots.
[0080] It should be noted that the above modules can be deployed in one or more computing devices 10, and the embodiments are not limited thereto.
[0081] Based on the above embodiments, this application also provides a method for desensitizing facial images, which can be applied to the aforementioned computing device 10, such as... Figure 2 As shown, the method may include the following steps: In step S210, an image to be processed containing a human face is acquired, and the human face region in the image to be processed is detected.
[0082] In this embodiment, an image containing a human face can be acquired using an image acquisition device (such as a camera) on a computing device. Subsequently, a face detection algorithm (such as MTCNN, YOLO, etc.) is used to process the image, automatically locating and selecting the face region, laying the foundation for subsequent feature extraction and processing.
[0083] In step S220, the privacy coverage information selected by the user is obtained, and the first feature vector of the face region covered by the privacy coverage information is extracted.
[0084] After successfully locating the face region, the system can obtain the privacy coverage information selected by the user. This privacy coverage information can be selected based on the user's actions, such as selecting a bounding box around the face on the interface. This allows the system to obtain a range or region selected by the user within the face region, thus obtaining the privacy coverage information. Then, a first feature vector can be extracted from the face region based on this privacy coverage information. This first feature vector is used for subsequent face recognition. For example, a pre-trained face recognition neural network model (such as ArcFace) can extract a high-dimensional, identity-discriminating first feature vector (e.g., a 512-dimensional feature vector) from the corresponding region based on the privacy coverage information. Simultaneously, the system obtains the privacy coverage information selected by the user through the interactive interface.
[0085] In step S230, a QR code is generated based on the first feature vector, such that the QR code contains facial features of the face region covered by the privacy coverage information.
[0086] The embodiment can generate a QR code based on the extracted first feature vector. By encoding the first feature vector, converting it into a string format suitable for QR code encoding, and adaptively selecting the error correction level of the QR code according to the size of the privacy coverage area selected by the user, a QR code image matching the size of the area is finally generated.
[0087] In step S240, the QR code is adaptively overlaid onto the privacy coverage area selected by the user in the face region, and a desensitized image is output.
[0088] The embodiment can calculate a perspective transformation matrix based on facial landmark localization technology and use this matrix to geometrically correct the generated QR code, enabling it to accurately adapt to the specific pose and scale of the face. The corrected QR code is adaptively overlaid onto the user-specified facial region, and a final de-identified image is output. This image effectively masks facial privacy visually, while the embedded QR code provides a unique data carrier for subsequent authorized identity tracing.
[0089] This embodiment systematically realizes the entire process from facial image acquisition to desensitized output through the above process. While ensuring that the original facial visual information is effectively hidden, it retains the ability to trace back to the source through encrypted QR codes and gives users the right to control the scope of privacy obscuring, thus achieving a balance between privacy protection, data availability and security compliance.
[0090] The facial image desensitization method provided in this application optimizes storage performance by generating QR codes with low data redundancy and high visual adaptability. Since the "first feature vector" originates only from the user's occluded area, its data dimension (size) is typically lower than that of a complete full-face feature vector. Subsequent processing (such as encryption and encoding) of the smaller feature vector generates even smaller data. Therefore, higher error correction and tolerance capabilities can be achieved at the same QR code size. This allows the generated QR code to: more flexibly adapt to the user-selected, potentially small, privacy-covering area, improve the QR code generation quality, avoid image information redundancy, and improve information storage performance. By extracting the first feature vector from the facial region based on the user-selected privacy-covering area, and by adaptively covering the QR code according to the user-selected privacy-covering area, the problem in related technologies of not being able to provide a reversible traceability channel while effectively protecting privacy can be solved. While achieving strong visual desensitization, the encrypted QR code retains identity feature information that can identify the user, making authorized identity tracing possible. This makes it applicable to scenarios requiring post-event identity tracing, such as judicial evidence collection and emergency investigations.
[0091] Based on the above embodiments, in another embodiment provided in this application, when generating a QR code based on the first feature vector, step S230 may specifically include: Step S231: At least the first feature vector is encrypted to generate encrypted data, and a QR code is generated based on the encrypted data.
[0092] After obtaining the first feature vector extracted from the user-specified area, the system can perform an encryption operation. Specifically, the system can use a cryptographic algorithm conforming to national cryptographic standards (such as the SM4 symmetric encryption algorithm) with a pre-configured key or a key provided by the user to encrypt the first feature vector. This encryption process converts the feature vector representing identity information into encrypted data that cannot be directly identified, ensuring that even if the data is intercepted, the original biometric features cannot be recovered, fundamentally meeting the regulatory requirements for data security and privacy protection. Subsequently, the system can format and encode the generated encrypted data (e.g., perform Base64 encoding), and select an appropriate QR code version and error correction level based on factors such as the size of the coverage area and the robustness requirements of the application scenario, ultimately generating a QR code image carrying encrypted identity information. This QR code will serve as material for subsequent visual overlay and simultaneously become a machine-readable ciphertext data carrier hidden within the desensitized image.
[0093] This embodiment combines the security of encrypted data with the visual and machine-readable characteristics of QR codes by encrypting the extracted facial feature vector using national cryptographic algorithms and then encoding it into a QR code. This allows the QR code to cover the facial area in an intuitive and reliable visual desensitization manner, while ensuring that the hidden identity information is protected by strong cryptographic technology and can be restored through authorized decryption.
[0094] Based on the above embodiments, in another embodiment provided in this application, the method may further include the following steps: In step S250, when identity tracing is required, a QR code is read from the de-identified image.
[0095] In this embodiment, when identity verification is required in authorized scenarios such as judicial evidence collection and emergency management, the QR code graphic data covering the face area can be read from the de-identified image generated above through the QR code recognition engine.
[0096] In step S260, the QR code is processed to obtain the first feature vector.
[0097] The system decodes the read QR code data (e.g., Base64 decoding) to restore the original first feature vector (decryption is also required if encryption is involved). This first feature vector represents the core identity features extracted from the user-authorized area and encrypted and stored during the de-identification process.
[0098] In step S270, facial features outside the privacy coverage area of the desensitized image are extracted.
[0099] Simultaneously, the system directly analyzes the de-identified image itself. Specifically, based on the decrypted or associated stored privacy coverage information, the system locates the areas in the image not covered by the QR code (i.e., the facial portion "outside the privacy coverage"). Subsequently, the system uses a facial recognition model to extract facial features from these visible, unmasked areas, obtaining a supplementary feature vector. This step utilizes the residual facial information in the de-identified image that is not visually disturbed by the QR code.
[0100] In step S280, the first feature vector and the face feature vector outside the privacy coverage are compared with the face features to be verified to generate a comparison result for identity tracing.
[0101] The system fuses or co-processes the first feature vector from the QR code with supplementary feature vectors extracted from uncovered areas of the de-identified image to form a more comprehensive reference feature set. This reference feature set is then compared with features extracted from the face image to be verified. By calculating the comprehensive similarity (using strategies such as weighted, cascaded, or decision fusion), the system ultimately generates a comparison result to determine whether the identity matches.
[0102] This embodiment constructs a dual-channel authentication mechanism by collaboratively extracting features from two independent sources: encrypted QR codes and the visible portions of de-identified images. This method significantly improves the robustness and accuracy of the traceability system: on the one hand, the encrypted QR code ensures the authenticity and tamper-proof nature of core identity features; on the other hand, the residual visible information in the de-identified image provides additional feature supplementation and cross-validation. This design allows the system to perform effective comparisons based on partial information even in extreme cases (such as partial damage to the QR code), enhancing the overall fault tolerance and reliability of the solution, making it suitable for identity tracing scenarios with extremely high security requirements.
[0103] The system decodes the read QR code data (including Base64 decoding) to reconstruct the encrypted data string. Then, using the user-controlled decryption key, the encrypted data string is decrypted using the SM4 national cryptographic algorithm, successfully reconstructing the original first feature vector. Simultaneously, the system extracts the second feature vector from the face image to be verified based on privacy coverage. By calculating the similarity (e.g., cosine similarity) between the first and second feature vectors, a comparison result (TRUE / FALSE) is generated to determine whether the identity matches. This achieves accurate and reliable identity tracing while fully protecting privacy.
[0104] It should be noted that the privacy coverage information may be contained in the QR code and obtained by reading the QR code, or the privacy coverage information may be stored in a cache or other storage location, and the embodiments are not limited thereto.
[0105] This embodiment reads the QR code in the desensitized image, decrypts and restores the original feature vector, and combines the coverage information during comparison to achieve accurate identity tracing while fully protecting visual privacy.
[0106] Based on the above embodiments, in another embodiment provided in this application, when obtaining the privacy coverage information selected by the user in step S220, this embodiment provides a more specific interactive implementation method. Therefore, the above step S220 may further include the following steps: In step S221, the system receives a preset masking template selected by the user. The number of preset masking templates includes multiple templates, and different masking templates are used to mask different areas of the face. And / or, the system receives the face masking range defined by the user on the interface.
[0107] The implementation can receive user input regarding the scope of privacy coverage through an interactive interface. For example, two complementary interaction methods are provided: Preset template selection: Provide users with multiple predefined masking templates to choose from. The templates include at least three modes: light masking, medium masking, and heavy masking. Different modes correspond to different sizes and positions of face area coverage schemes.
[0108] Custom selection: Alternatively or simultaneously, a custom area selection function is provided, allowing users to manually define any occlusion area directly on the displayed face image using touch or mouse.
[0109] In step S222, privacy coverage information is generated based on the preset masking template selected by the user and / or the face masking range defined by the user on the interface.
[0110] The embodiment converts the coverage intent determined by the user through any or a combination of the above methods into standardized data that can be identified and processed. That is, based on the identifier of the preset masking template selected by the user, and / or the area coordinate data manually defined by the user, structured privacy coverage information is generated.
[0111] This privacy coverage information can then be compressed and used to fuse with the first feature vector. This interactive design ensures that users can flexibly and intuitively control the granularity of their privacy protection based on specific scenarios (such as choosing heavy occlusion in public areas or light occlusion in trusted environments) or personal preferences, thus giving users autonomy and control.
[0112] Based on the above embodiments, in another embodiment provided in this application, the method may further include the following steps: In step S223, the privacy coverage information is compressed into data of the target bit length.
[0113] The system performs data compression on the privacy coverage information generated in step S222, converting it into compact data of a target bit length (e.g., 16 bits). This compression process aims to reduce the total amount of data in the final fused data, thereby ensuring that the amount of information in the generated QR code is moderate, so as to maintain high machine readability even in a small coverage area.
[0114] In step S224, the compressed privacy coverage data is concatenated with the first feature vector to form fused data. Thus, when at least the first feature vector is encrypted, the fused data can be encrypted to generate encrypted data.
[0115] By concatenating the compressed privacy coverage data with the first feature vector extracted from the face region (e.g., a 512-dimensional floating-point vector), a complete fused data set containing "identity features + masking rules" is formed. This fused data serves as the sole object for subsequent encryption operations, ensuring that the user's privacy preferences are tightly bound to their biometric information and jointly protected by national cryptographic algorithms. This lays the data foundation for accurate comparison during subsequent authorization and tracing, enabling the simultaneous recovery of both original features and coverage information.
[0116] This embodiment compresses privacy coverage information into compact data and then concatenates and fuses it with facial feature vectors. While ensuring data lightweighting, it achieves a strong binding between identity features and privacy rules. This satisfies the limitations of QR code data capacity, ensures reliable encoding and reading in small-scale occlusion areas, and provides a complete data foundation for subsequent decryption and tracing to simultaneously obtain original biometric features and accurate occlusion area information for precise comparison. It fundamentally solves the problem of insufficient tracing accuracy or excessive data volume caused by the independence of privacy protection settings and identity information in traditional desensitization.
[0117] In this embodiment, after the fused data is formed as described above, step S231 may further include: encrypting the fused data to generate encrypted data.
[0118] This embodiment generates encrypted data by encrypting the fused data. Specifically, a specified encryption algorithm (such as the SM4 national cryptographic algorithm) can be used to encrypt the fused data formed in the preceding steps. This operation ensures that facial features and user privacy preferences are jointly encrypted and protected. Any decryption operation on the encrypted data will simultaneously restore the original feature vector and its corresponding coverage information. The two are inseparable, thus ensuring the consistency and integrity of privacy rules and identity information from a cryptographic perspective, laying a reliable data foundation for subsequent traceable and accurate comparisons.
[0119] Based on the above embodiments, in another embodiment provided in this application, step S224 may further include: (1) Compress the privacy coverage information into data of the target bit length.
[0120] First, a data compression algorithm can be applied to the privacy coverage information obtained from the user interface (which may include region coordinates, template identifiers, etc.). This algorithm converts it into a fixed-length, compact binary sequence, i.e., data of the target bit length (e.g., compressed into a 16-bit or 32-bit bit stream). This process significantly reduces the amount of data required to characterize the privacy rules.
[0121] (2) The compressed privacy coverage data is concatenated with the first feature vector to form fused data.
[0122] The implementation can sequentially concatenate the compressed fixed-length privacy data with the first feature vector extracted from the face region (typically a high-dimensional floating-point array, such as 512-dimensional). Specifically, the compressed bit data is used as the header (or tail) and directly appended before (or after) the feature vector data sequence, thereby combining them into a single, coherent fused data block. This data block simultaneously encapsulates identity features and privacy rules.
[0123] This embodiment significantly reduces the storage and transmission overhead of privacy rules through data compression, resulting in a smaller overall fused data volume. This facilitates the generation of more concise and easily identifiable QR codes. Furthermore, the splicing operation achieves a strong binding between identity information and privacy settings in a simple and reliable manner. The resulting fused data is encrypted as an inseparable whole, fundamentally preventing privacy rules from being tampered with, stripped, or associated with incorrect identity features during transmission or use. This provides a solid guarantee of data integrity and consistency for the entire system and improves the efficiency of all subsequent processing steps.
[0124] Based on the above embodiments, in another embodiment provided in this application, when generating a QR code based on encrypted data, step S230 may further include the following steps: In step S232, the encrypted data is encoded to obtain encoded data.
[0125] The binary encrypted data generated using the national cryptographic algorithm is Base64 encoded, converting it into encoded data composed of standard ASCII characters. This conversion process ensures that the binary encrypted data can be correctly encoded into the QR code, guaranteeing data format compatibility and reliability. This embodiment can use Base64 encoding for the encrypted data, but other encoding methods can also be used; the embodiment is not limited to these.
[0126] In step S233, the error correction level of the QR code is adaptively selected based on the coverage area determined by the privacy coverage information.
[0127] The system can adaptively select the optimal error correction level (including four levels: L, M, Q, and H) for the QR code based on the coverage area parsed from the privacy coverage information. The selection strategy is as follows: the smaller the coverage area, the smaller the corresponding QR code size. In this case, the system automatically selects a higher error correction level (such as Q or H level) to improve the damage resistance and distortion resistance of small-sized QR codes and ensure the robustness of machine reading.
[0128] In step S234, a QR code is generated based on the error correction level and the encoding data.
[0129] By using Base64-encoded data and an adaptively selected error correction level as input parameters, a QR code generation algorithm is invoked to ultimately generate a QR code image that achieves an optimal balance between data capacity, visual size, and error correction capability. This adaptive mechanism ensures that the generated QR code can accurately match the user-specified size while maintaining extremely high readability in various practical application scenarios.
[0130] This embodiment ensures format compatibility by encoding encrypted data and adaptively selects the QR code error correction level based on the area of the privacy coverage area. This enables reliable QR code reading by improving error correction capabilities under limited coverage area. Ultimately, it generates a QR code that accurately matches the visually obscured area and has high robustness. This effectively solves the problem of QR codes being easily damaged and difficult to identify due to the size limitation of the coverage area, and provides a reliable technical guarantee for reversible traceability.
[0131] Based on the above embodiments, in another embodiment provided in this application, step S240 may further include the following steps: Step S241: Calculate the perspective transformation matrix based on the facial key points.
[0132] Based on the spatial coordinate relationships of acquired facial key points (including feature points such as the corners of the eyes, the tip of the nose, and the corners of the mouth), a perspective transformation matrix is calculated through mathematical modeling. This matrix accurately describes the spatial mapping relationship between a standard planar QR code and a facial target region with a specific three-dimensional pose in an image.
[0133] Step S242: Perform a geometric transformation on the QR code using a perspective transformation matrix. The geometric transformation is used to adapt to the current pose and scale of the human face.
[0134] The original standard QR code image is geometrically transformed using the perspective transformation matrix calculated in step S241. This transformation process causes the QR code to deform accordingly, enabling it to accurately adapt to the current pose (such as pitch and yaw angles) and scale of the human face, thus preparing it for subsequent accurate overlay.
[0135] Step S243: Overlay the transformed QR code onto the privacy coverage area selected by the user in the face area.
[0136] By geometrically transforming the QR code, its altered shape and size are precisely applied to the user-selected privacy coverage area within the face region. Through this process, the QR code naturally conforms to the curvature of the face, achieving seamless visual occlusion.
[0137] This embodiment utilizes the aforementioned perspective transformation technology based on facial key points to ensure that the QR code can adapt to diverse poses and scale changes of different faces. This guarantees the integrity and naturalness of the visual desensitization effect while fundamentally avoiding problems such as incomplete coverage or excessive QR code deformation leading to unreadable results due to pose changes, significantly improving the practicality and reliability of this technology in real-world, complex scenarios.
[0138] Based on the above embodiments, in another embodiment provided in this application, during the process of generating a QR code based on the first feature vector, step S230 may further include the following steps: (1) Determine the size of the QR code to be generated based on the size of the privacy coverage area; wherein the size of the QR code is larger than the size of the privacy coverage area.
[0139] The visual size of the QR code to be generated can first be determined based on the pixel area or the size of the bounding rectangle of the privacy coverage area selected by the user in the image. In this embodiment, the size of the generated QR code must be larger than the size of the corresponding privacy coverage area. This size difference provides the necessary pixel margin for subsequent precise coverage operations (such as edge alignment and perspective transformation correction), ensuring that the QR code can geometrically completely cover the target area (i.e., the privacy coverage area).
[0140] (2) Generate a QR code based on the first feature vector and the size of the QR code.
[0141] After determining the target size, the QR code generation algorithm is invoked by combining the first feature vector (or the encrypted data derived from it) with the calculated QR code size parameters. The generation process considers how to optimally encode the data and configure the error correction level within the given size, ultimately outputting a QR code image that carries identity features in its data content and is visually adapted to (and slightly larger than) the target coverage area.
[0142] This embodiment addresses the risk of incomplete coverage caused by minor deviations in face pose estimation, differences in image resolution, or edge processing during coverage by proactively adapting the QR code size to be slightly larger than the target coverage area, thus ensuring thorough visual desensitization. Furthermore, since the size is pre-calculated based on actual coverage requirements, it avoids the resource waste (too large) or insufficient coverage (too small) issues that may arise from using fixed-size QR codes.
[0143] Based on the above embodiments, in another embodiment provided in this application, when generating the comparison result for identity tracing, step S260 may further include the following steps: In step S261, a second feature vector is extracted from the face image to be verified based on the privacy coverage information.
[0144] In this embodiment, the same model used for extracting the first feature vector can be used to extract a second feature vector from the face image to be verified, based on privacy coverage information, for the face portion corresponding to the first feature vector.
[0145] Since the first feature vector used for feature comparison in the desensitized image is extracted based on the facial regions determined by privacy coverage information, a second feature vector can be extracted from the corresponding facial regions in the face to be verified based on the privacy coverage information. This eliminates interference from feature values in other regions, resulting in an optimized second feature vector. This step ensures that the comparison process focuses only on valid facial features.
[0146] In step S262, the cosine similarity between the first feature vector in the desensitized image and the second feature vector in the face image to be verified is calculated.
[0147] The cosine similarity between the first feature vector of the de-identified image obtained from the QR code and the second feature vector of the face to be verified is calculated. This similarity value quantifies the closeness of the two feature vectors in the effective dimension.
[0148] In step S263, when the cosine similarity is greater than a threshold, the comparison result showing that the face to be verified matches the desensitized image is output. Alternatively, when the cosine similarity is not greater than the threshold, the comparison result showing that the face to be verified does not match the desensitized image is output.
[0149] The example compares the calculated cosine similarity with a preset judgment threshold: If the cosine similarity is greater than the threshold, the comparison result (TRUE) between the face to be verified and the original face in the desensitized image is output.
[0150] If the cosine similarity is not greater than the threshold, then the output is a mismatch result (FALSE).
[0151] This embodiment achieves accurate local feature comparison by introducing a feature weight correction mechanism based on privacy coverage information. This effectively solves the problem of interference from the partial loss of feature information caused by QR code occlusion on traditional full-face comparison algorithms, significantly improving the accuracy and reliability of identity tracing. This makes the embodiment highly practical in scenarios with extremely high requirements for result accuracy, such as judicial evidence collection and security verification.
[0152] Based on the above embodiments, in another embodiment provided in this application, in response to changes in user privacy preferences, the method also supports dynamic updating of the generated de-identified images. Therefore, the method further includes the following steps: In step S291, when a user's request to update the privacy coverage for the de-identified image is detected, the updated privacy coverage is obtained.
[0153] By continuously monitoring user interaction requests, when a user requests an update to their privacy coverage due to changes in the scenario or adjustments in preferences (e.g., selecting "Modify Masking Mode" in the computing device's interface), the updated privacy coverage selected by the user is obtained through the interface. This step ensures that users have continuous control over their privacy protection.
[0154] In step S292, the QR code is updated based on the first feature vector and the updated privacy coverage area, and the desensitized image is regenerated based on the updated QR code.
[0155] Instead of re-extracting facial features, this implementation directly calls the previously stored original first feature vector associated with the user and fuses it with the updated privacy coverage information. Then, it executes the same national cryptographic encryption and QR code generation process as the initial processing, generating a new QR code representing the new privacy settings. This QR code is then used to regenerate the updated de-identified image. Simultaneously, the old QR code associated with the user is marked as invalid in the background to prevent the misuse of historical de-identified images.
[0156] The dynamic update mechanism provided in this embodiment has the following three significant effects: First, it provides users with continuous and flexible privacy control capabilities, enabling the solution to adapt to users' dynamically changing privacy needs in different scenarios; Second, since the benchmark used for comparison, namely the original first feature vector, remains unchanged, no matter how the user updates the masking range, it will not affect the logical consistency and comparison accuracy of tracing based on historical encrypted data; Third, the entire update process is computationally lightweight, without the need to repeat high-cost feature extraction, only requiring re-execution of the encryption and encoding process, which makes this function very suitable for real-time operation on edge terminal devices (such as robots) with limited computing resources, greatly improving the practicality and user-friendliness of the solution.
[0157] Based on the above embodiments, in another embodiment provided in this application, to ensure the integrity and reliability of QR code coverage, a buffer band reservation mechanism is also included during coverage execution. Therefore, the method further includes the following steps: In step S290, a buffer band is reserved in the privacy coverage area, the width of which can be determined based on the size of the QR code.
[0158] When a QR code is overlaid on a user-selected privacy coverage area, a buffer band is reserved at the edge of the target area. The width of this buffer band is not a fixed value, but is dynamically determined proportionally to the size of the generated QR code (for example, set to 5%-8% of the QR code's side length). This design ensures that the size of the buffer band is consistent with the visual scale of the QR code.
[0159] This buffer band reservation mechanism significantly enhances the practicality of the solution: First, it effectively prevents edge information leakage caused by QR code alignment errors, image compression, or minor facial movements, ensuring thorough visual privacy protection. Second, it provides necessary boundary isolation for QR code recognition, reducing interference from facial background textures and significantly improving machine reading success rates. Third, the adaptive width determination mechanism ensures optimal isolation regardless of QR code size, avoiding the problem of fixed-width buffer bands occupying too much effective area for small-scale coverage or providing insufficient protection for large-scale coverage. This design greatly enhances the robustness and reliability of the solution in real-world, complex scenarios.
[0160] By dividing each function into corresponding functional modules, this application provides a face image desensitization device, which can be a server, a terminal, or a chip applied to a server. Figure 3 A schematic block diagram of the functional modules of a face image desensitization device provided for an exemplary embodiment of this application. Figure 3 As shown, the facial image desensitization device includes: Image acquisition and processing module 31 is used to acquire an image to be processed containing a human face and to detect the human face region in the image to be processed; Feature extraction module 32 is used to obtain the privacy coverage information selected by the user and extract the first feature vector of the face region covered by the privacy coverage information; Encoding module 33 is used to generate a QR code based on the first feature vector, so that the QR code contains facial features of the face region covered by the privacy coverage information. The desensitized image output module 34 is used to adaptively overlay the QR code onto the privacy coverage area selected by the user in the face area and output a desensitized image.
[0161] This solution can extract the first feature vector from the facial region based on the user-selected privacy coverage area, and can adaptively overlay the QR code according to the user-selected privacy coverage area. This solves the problem in related technologies that cannot provide a reversible traceability channel while effectively protecting privacy. While achieving strong visual desensitization, it retains the user's identity features through encrypted QR codes, making authorized identity tracing possible. This makes it applicable to scenarios requiring post-event identity verification, such as judicial evidence collection and emergency investigations.
[0162] In one possible implementation, encoding module 33 is specifically used for: At least the first feature vector is encrypted to generate encrypted data, and a QR code is generated based on the encrypted data.
[0163] This embodiment combines the security of encrypted data with the visual and machine-readable characteristics of QR codes by encrypting the extracted facial feature vector using national cryptographic algorithms and then encoding it into a QR code. This allows the QR code to cover the facial area in an intuitive and reliable visual desensitization manner, while ensuring that the hidden identity information is protected by strong cryptographic technology and can be restored through authorized decryption.
[0164] In one possible implementation, the device further includes a fusion module, specifically used for: The privacy coverage information is concatenated with the first feature vector to form fused data; Encoding module 33 is also specifically used for: The merged data is encrypted to generate encrypted data.
[0165] This embodiment generates encrypted data by encrypting the fused data. Specifically, a specified encryption algorithm (such as the SM4 national cryptographic algorithm) can be used to encrypt the fused data formed in the aforementioned steps. This operation ensures that facial features and the user's privacy preferences are jointly encrypted and protected.
[0166] In one possible implementation, the fusion module is further used for: Compress privacy coverage information into data of the target bit length; The compressed privacy coverage data is concatenated with the first feature vector to form fused data.
[0167] By concatenating the compressed privacy coverage data with the first feature vector extracted from the face region (e.g., a 512-dimensional floating-point vector), a complete fused data set containing "identity features + masking rules" is formed. This fused data serves as the sole object for subsequent encryption operations, ensuring that the user's privacy preferences are tightly bound to their biometric information and jointly protected by national cryptographic algorithms. This lays the data foundation for accurate comparison during subsequent authorization and tracing, enabling the simultaneous recovery of both original features and coverage information.
[0168] In one possible implementation, the encoding module 33 is further used for: Encode the encrypted data to obtain encoded data; The error correction level of the QR code is adaptively selected based on the coverage area determined by the privacy coverage information. A QR code is generated based on the error correction level and the encoding data.
[0169] This solution ensures format compatibility by encoding encrypted data and adaptively selects the QR code error correction level based on the area of the privacy coverage region. It achieves reliable QR code reading by improving error correction capabilities under limited coverage area, and finally generates a QR code that accurately matches the visually obscured area and has high robustness. It effectively solves the problem of QR code damage and difficulty in recognition caused by the size limitation of the coverage area, and provides a reliable technical guarantee for reversible traceability.
[0170] In one possible implementation, the desensitized image output module 34 is further used for: Calculate the perspective transformation matrix based on facial key points; A perspective transformation matrix is used to perform a geometric transformation on the QR code, which is then used to adapt to the current pose and scale of the human face. The transformed QR code is overlaid onto the user-selected privacy coverage area within the face region.
[0171] This solution utilizes the aforementioned perspective transformation technology based on facial key points to ensure that QR codes can adapt to diverse facial postures and scale variations. This guarantees the integrity and naturalness of the visual desensitization effect while fundamentally avoiding issues such as incomplete coverage or excessive QR code deformation leading to unreadable results due to posture changes. This significantly improves the practicality and reliability of the technology in real-world, complex scenarios.
[0172] In one possible implementation, the encoding module 33 is further used for: The size of the QR code to be generated is determined based on the size of the privacy coverage area; wherein, the size of the QR code is larger than the size of the privacy coverage area. A QR code is generated based on the first feature vector and the size of the QR code.
[0173] This embodiment addresses the risk of incomplete coverage caused by minor deviations in face pose estimation, differences in image resolution, or edge processing during coverage by proactively adapting the QR code size to be slightly larger than the target coverage area, thus ensuring thorough visual desensitization. Furthermore, since the size is pre-calculated based on actual coverage requirements, it avoids the resource waste (too large) or insufficient coverage (too small) issues that may arise from using fixed-size QR codes.
[0174] In one possible implementation, the feature extraction module 32 is further used for: When identity verification is required, the QR code is read from the de-identified image; Process the QR code to obtain the first feature vector; Extracting facial features outside the privacy coverage area from desensitized images; Based on the first feature vector and the facial feature vector outside the privacy coverage area, the features are compared with the facial features to be verified to generate a comparison result for identity tracing.
[0175] This embodiment constructs a dual-channel authentication mechanism by collaboratively extracting features from two independent sources: encrypted QR codes and the visible portions of de-identified images. This device significantly improves the robustness and accuracy of the traceability system: on the one hand, the encrypted QR code ensures the authenticity and tamper-proof nature of core identity features; on the other hand, the residual visible information in the de-identified image provides additional feature supplementation and cross-verification. This design allows the system to perform effective comparisons based on partial information even in extreme cases (such as partial damage to the QR code), enhancing the overall fault tolerance and reliability of the solution, making it suitable for identity tracing scenarios with extremely high security requirements.
[0176] In one possible implementation, the device further includes an update module, specifically used for: When a user requests an update to the privacy coverage for an anonymized image, the updated privacy coverage is obtained. Based on the first feature vector and the updated privacy coverage, the QR code is updated, and the de-identified image is regenerated based on the updated QR code.
[0177] The dynamic update mechanism provided by this solution grants users continuous and flexible privacy control, enabling the solution to adapt to users' dynamically changing privacy needs in different scenarios. Furthermore, because the benchmark used for comparison—the original first feature vector—remains unchanged, updating the masking range will not affect the logical consistency and comparison accuracy of tracing based on historical encrypted data. In addition, the entire update process is computationally lightweight, eliminating the need for repetitive, costly feature extraction; only the encryption and encoding processes need to be re-executed. This makes the function ideal for real-time operation on edge devices with limited computing resources (such as robots), greatly enhancing the practicality and user-friendliness of the solution.
[0178] This application also provides a computing device, including: at least one processor; a memory for storing at least one processor-executable instruction; wherein the at least one processor is configured to execute instructions to implement the methods disclosed in the embodiments of this application.
[0179] The aforementioned processor can also be called a central processing unit (CPU), which can be an integrated circuit chip with signal processing capabilities. Each step in the method disclosed in this application can be implemented by integrated logic circuits in the processor's hardware or by software instructions. The aforementioned processor can be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. A general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in this application can be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules can be located in memory, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, or other mature storage media in the art. The processor reads information from the memory and, in conjunction with its hardware, completes the steps of the above method.
[0180] Furthermore, the aforementioned computing device can specifically be a terminal or a server. For example, various operations / processes according to the embodiments of this application, implemented through software and / or firmware, can transmit data from a storage medium or network to a server with a dedicated hardware architecture, such as... Figure 4The server 1900 shown is equipped with the programs that constitute the software. When various programs are installed on the server, it is able to perform various functions, including those mentioned above. Figure 4 A structural block diagram of a server provided for an exemplary embodiment of this application.
[0181] Server 1900 is intended to represent various forms of digital electronic computer devices, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, mainframe computers, and other suitable computers. The components shown herein, their connections and relationships, and their functions are merely examples and are not intended to limit the implementation of the embodiments described and / or claimed herein.
[0182] like Figure 4 As shown, server 1900 includes a computing unit 1901, which can perform various appropriate actions and processes based on a computer program stored in read-only memory (ROM) 1902 or loaded into random access memory (RAM) 1903 from storage unit 1908. RAM 1903 may also store various programs and data required for the operation of server 1900. Server 1900 also includes a GPU 1910. Computing unit 1901, ROM 1902, GPU 1910, and RAM 1903 are interconnected via bus 1904. Input / output (I / O) interface 1905 is also connected to bus 1904. The number of GPUs 1910 may include multiple GPUs.
[0183] Multiple components in server 1900 are connected to I / O interface 1905, including: input unit 1906, output unit 1907, storage unit 1908, and communication unit 1909. Input unit 1906 can be any type of device capable of inputting information to server 1900. Input unit 1906 can receive input numeric or character information and generate key signal inputs related to user settings and / or function control of the server. Output unit 1907 can be any type of device capable of presenting information and may include, but is not limited to, a monitor, speaker, video / audio output terminal, vibrator, and / or printer. Storage unit 1908 may include, but is not limited to, disks and optical discs. Communication unit 1909 allows server 1900 to exchange information / data with other devices via a network such as the Internet, and may include, but is not limited to, modems, network cards, infrared communication devices, wireless communication transceivers, and / or chipsets, such as Bluetooth™ devices, WiFi devices, WiMax devices, cellular communication devices, and / or the like.
[0184] The computing unit 1901 can be various general-purpose and / or special-purpose processing components with processing and computing capabilities. Some examples of the computing unit 1901 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various special-purpose artificial intelligence (AI) computing chips, various computing units running machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 1901 performs the various methods and processes described above. For example, in some embodiments, the methods disclosed in the embodiments of this application can be implemented as a computer software program, which is tangibly contained in a machine-readable medium, such as storage unit 1908. In some embodiments, part or all of the computer program can be loaded and / or installed on a server via ROM 1902 and / or communication unit 1909. In some embodiments, the computing unit 1901 can be configured to perform the methods disclosed in the embodiments of this application by any other suitable means (e.g., by means of firmware).
[0185] This application also provides a computer-readable storage medium, wherein when the instructions in the computer-readable storage medium are executed by the processor of a server, the server is able to perform the methods disclosed in the embodiments of this application.
[0186] The computer-readable storage medium in this application embodiment may be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. The aforementioned computer-readable storage medium may include, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specifically, the aforementioned computer-readable storage medium may include an electrical connection based on one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing.
[0187] The aforementioned computer-readable medium may be included in the aforementioned server; or it may exist independently and not assembled into the server.
[0188] This application also provides a computer program product, including a computer program, wherein the computer program, when executed by a processor, implements the methods disclosed in the embodiments of this application.
[0189] In embodiments of this application, computer program code for performing the operations of this application can be written in one or more programming languages or a combination thereof. These programming languages include, but are not limited to, object-oriented programming languages such as Java, Smalltalk, and C++, as well as conventional procedural programming languages such as C or similar languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network (including a local area network (LAN) or a wide area network (WAN)), or it can be connected to an external computer.
[0190] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0191] The modules, components, or units described in the embodiments of this application can be implemented in software or hardware. The names of the modules, components, or units do not necessarily constitute a limitation on the module, component, or unit itself.
[0192] The functions described above in this document can be performed at least in part by one or more hardware logic components. For example, without limitation, exemplary hardware logic components that can be used include: field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), system-on-a-chip (SoCs), complex programmable logic devices (CPLDs), and so on.
[0193] The above description is merely an embodiment of this application and an explanation of the technical principles employed. Those skilled in the art should understand that the scope of disclosure in this application is not limited to technical solutions formed by specific combinations of the above-described technical features, but should also cover other technical solutions formed by arbitrary combinations of the above-described technical features or their equivalents without departing from the above-described concept. For example, technical solutions formed by substituting the above features with (but not limited to) technical features with similar functions disclosed in this application.
[0194] While specific embodiments of this application have been described in detail by way of examples, those skilled in the art should understand that the above examples are for illustrative purposes only and are not intended to limit the scope of this application. Those skilled in the art should understand that modifications can be made to the above embodiments without departing from the scope and spirit of this application. The scope of this application is defined by the appended claims.
Claims
1. A method for desensitizing facial images, characterized in that, The method includes: Acquire an image to be processed containing a human face, and detect the face region in the image to be processed; Obtain the privacy coverage area information selected by the user, and extract the first feature vector of the face region covered by the privacy coverage area information; Based on the first feature vector, a QR code is generated such that the QR code contains facial features of the face region covered by the privacy coverage information. The QR code is adaptively overlaid onto the user-selected privacy coverage area in the face region, and a desensitized image is output.
2. The method according to claim 1, characterized in that, The step of generating a QR code based on the first feature vector includes: At least the first feature vector is encrypted to generate encrypted data, and a QR code is generated based on the encrypted data.
3. The method according to claim 2, characterized in that, Before the step of encrypting at least the first feature vector to generate encrypted data, the method further includes: The privacy coverage information is concatenated with the first feature vector to form fused data; The step of encrypting at least the first feature vector to generate encrypted data includes: The fused data is encrypted to generate encrypted data.
4. The method according to claim 3, characterized in that, The step of concatenating the privacy coverage information with the first feature vector to form fused data includes: Compress the privacy coverage information into data of the target bit length; The compressed privacy coverage data is concatenated with the first feature vector to form fused data.
5. The method according to any one of claims 2 to 4, characterized in that, The generation of a QR code based on the encrypted data includes: The encrypted data is encoded to obtain encoded data; The error correction level of the QR code is adaptively selected based on the coverage area determined by the privacy coverage information. A QR code is generated based on the error correction level and the encoded data.
6. The method according to any one of claims 1 to 5, characterized in that, The step of adaptively overlaying the QR code onto a user-selected privacy coverage area within the face region includes: Calculate the perspective transformation matrix based on facial key points; The QR code is geometrically transformed using the perspective transformation matrix, and the geometric transformation is used to adapt to the current pose and scale of the human face; The transformed QR code is then overlaid onto the user-selected privacy coverage area within the face region.
7. The method according to any one of claims 1 to 6, characterized in that, The step of generating a QR code based on the first feature vector includes: The size of the QR code to be generated is determined based on the size of the privacy coverage area; wherein the size of the QR code is larger than the size of the privacy coverage area. A QR code is generated based on the first feature vector and the size of the QR code.
8. The method according to any one of claims 1 to 7, characterized in that, The method further includes: When identity tracing is required, the QR code is read from the de-identified image; The QR code is processed to obtain the first feature vector; Extract facial features outside the privacy coverage area from the desensitized image; Based on the first feature vector and the facial feature vector outside the privacy coverage area, a comparison is made with the facial features to be verified to generate a comparison result for identity tracing.
9. The method according to any one of claims 1 to 8, characterized in that, The method further includes: When a user requests an update to the privacy coverage area for the de-identified image, the updated privacy coverage area is obtained. Based on the first feature vector and the updated privacy coverage, the QR code is updated, and the de-identified image is regenerated based on the updated QR code.
10. A computing device, characterized in that, include: At least one processor; Memory for storing the at least one processor-executable instruction; The at least one processor is configured to execute the instructions to implement the method as described in any one of claims 1-9.