One-to-many matching with application to efficient privacy-preserving re-identification

1 . An authentication system comprising: an authenticator comprising an electronic data processing device configured to perform an authentication process to determine whether a person or object to be authenticated is a member of a set of authorized persons or objects, the authentication process including the operations of: acquiring a query signature comprising a vector whose elements store values of an ordered set of features for the person or object to be authenticated; computing an inner product of the query signature and an aggregate signature comprising a vector whose elements store values of the ordered set of features for the set of authorized persons or objects; and determining whether the person or object to be authenticated is a member of the set of authorized persons or objects based on the inner product of the query signature and the aggregate signature. 2 . The authentication system of claim 1 wherein the person or object to be authenticated is a person to be authenticated, the set of authorized persons or objects is a set of authorized persons, and the operation of acquiring the query signature comprises: acquiring biometric data for the person to be authenticated; and extracting the values of the ordered set of features for the person to be authenticated from the acquired biometric data. 3 . The authentication system of claim 2 wherein the biometric data including one of an electronic fingerprint, one or more face images, and an eye scan. 4 . The authentication system of claim 2 further comprising: a computer; and an electronic fingerprint reader integral with the computer; wherein the operation of acquiring biometric data comprises causing the electronic fingerprint reader to acquire a fingerprint of the person to be authenticated; and wherein the computer is programmed to perform a login process in response to the authenticator determining the person to be authenticated is a member of the set of authorized persons. 5 . The authentication system of claim 1 wherein the person or object to be authenticated is a vehicle to be authenticated, the set of authorized persons or objects is a set of authorized vehicles, and the operation of acquiring the query signature comprises: acquiring an image of a license plate of the vehicle to be authenticated; and extracting the values of the ordered set of features for the vehicle to be authenticated from the image of the license plate. 6 . The authentication system of claim 5 further comprising: a camera; and a vehicle barrier gate; wherein the operation of acquiring the image uses the camera to acquire the image of the license plate of the vehicle to be authenticated; and wherein the vehicle barrier gate includes a gate actuator operatively connected to open the vehicle barrier gate in response to the authenticator determining the vehicle to be authenticated is a member of the set of authorized vehicles. 7 . The authentication system of claim 1 further comprising: an authenticator training component comprising an electronic data processing device configured to generate the aggregate signature representing the set of authorized persons or objects by operations including: generating a set of authorized signatures by acquiring a signature for each authorized person or object comprising a vector whose elements store values of the ordered set of features for that authorized person or object; and determining the aggregate signature by aggregating the authorized signatures of the set of authorized signatures. 8 . The authentication system of claim 7 wherein: the operation of determining the aggregate signature comprises determining the aggregate signature to set an inner product of each authorized signature and the aggregate signature to a target inner product value; and the operation of determining whether the person or object to be authenticated is a member of the set of authorized persons or objects comprises comparing the inner product of the query signature and the aggregate signature with the target inner product value. 9 . The authentication system of claim 7 wherein: the operation of determining the aggregate signature comprises sum aggregating the authorized signatures; and the operation of determining whether the person or object to be authenticated is a member of the set of authorized persons or objects comprises performing a threshold operation on the inner product of the query signature and the aggregate signature. 10 . The authentication system of claim 7 wherein the operation of determining the aggregate signature is performed using generalized max pooling. 11 . The authentication system of claim 10 wherein the generalized max pooling is performed using ridge regression. 12 . The authentication system of claim 7 wherein the operation of determining the aggregate signature does not use any signature that is labeled to indicate it is an unauthorized signature that is not in the set of authorized signatures. 13 . The authentication system of claim 12 wherein the operation of determining the aggregate signature includes whitening the authorized signatures using a set of background signatures that are not labeled as to membership in the set of authorized signatures, wherein the aggregate signature is determined by aggregating the whitened authorized signatures. 14 . The authentication system of claim 7 wherein: the authenticator and the authenticator training component comprise different electronic data processing devices; and the authenticator does not have access to the set of authorized signatures generated at the authenticator training component. 15 . An authentication method for determining whether a person or object to be authenticated is a member of a set of authorized persons or objects, the authentication method comprising: acquiring a query signature comprising a vector whose elements store values of an ordered set of features for the person or object to be authenticated; comparing the query signature and an aggregate signature comprising a vector whose elements store values of the ordered set of features for the set of authorized persons or objects; and determining whether the person or object to be authenticated is a member of the set of authorized persons or objects based on the comparison. 16 . The authentication method of claim 15 wherein the comparing comprises computing an inner product of the query signature and the aggregate signature and the determining is based on the inner product. 17 . The authentication method of claim 15 wherein the person or object to be authenticated is a person to be authenticated, the set of authorized persons or objects is a set of authorized persons, the ordered set of features is an ordered set of biometric features, and the acquiring comprises: acquiring biometric data of the person to be authenticated using a camera, fingerprint scanner, or eye scanner; and extracting the values of the ordered set of features for the person or object to be authenticated from the acquired biometric data. 18 . The authentication method of claim 17 further comprising one of: logging into a computer in response to determining the person to be authenticated is a member of the set of authorized persons; or admitting the person to be authenticated to a secure area in response to determining the person to be authenticated is a member of the set of authorized persons. 19 . The authentication method of claim 15 wherein the person or object to be authenticated is an object