CN116010970A

CN116010970A - Data processing method and device based on remote sensing data

Info

Publication number: CN116010970A
Application number: CN202310001614.0A
Authority: CN
Inventors: 张鸿; 未乐; 杨森; 陈高星; 湛宗儒; 邹建兵
Original assignee: Zhejiang eCommerce Bank Co Ltd
Current assignee: Zhejiang eCommerce Bank Co Ltd
Priority date: 2021-05-20
Filing date: 2021-05-20
Publication date: 2023-04-25
Also published as: CN113254940B; CN113254940A

Abstract

The embodiment of the specification provides a data processing method and device based on remote sensing data, wherein the data processing method based on the remote sensing data comprises the following steps: acquiring encrypted land block data sent by a first server and transmitting the encrypted land block data into a trusted execution environment; the encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key; decrypting the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and marking the type of the land block crop on the imported remote sensing data based on a decryption result to obtain a remote sensing data sample; model training is carried out according to the remote sensing data sample in the trusted execution environment, and a crop type identification model obtained through training is encrypted; and obtaining and storing the encryption model output by the trusted execution environment.

Description

Data processing method and device based on remote sensing data

The application is a divisional application of China patent application with the name of 'data processing method and device based on remote sensing data' which is filed by China patent office, application number 202110552120.2 and the name of 2021, 05 and 20 days.

Technical Field

The present document relates to the field of data processing technologies based on remote sensing data, and in particular, to a data processing method and device based on remote sensing data.

Background

Along with the development of remote sensing technology, remote sensing data has been widely used in various industries; the remote sensing technology is a general term of various comprehensive technical systems for earth and celestial body observation from the ground to the space, satellite data can be acquired from a remote sensing technology platform, and is accepted, processed and analyzed by a remote sensing instrument and information, the remote sensing technology is a high and new technology which is rapidly developed, an information network is formed, and a large amount of scientific data and dynamic information are continuously provided for people at regular time and moment; the remote sensing data generally refers to remote sensing images, namely films or photos for recording the electromagnetic wave sizes of various ground features, and are mainly divided into aerial photos and satellite photos.

Disclosure of Invention

One or more embodiments of the present specification provide a data processing method based on remote sensing data. The data processing method based on the remote sensing data comprises the following steps: and acquiring the encrypted land block data sent by the first server and transmitting the encrypted land block data into a trusted execution environment. The encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key. And decrypting the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and marking the type of the land block crop on the imported remote sensing data based on a decryption result to obtain a remote sensing data sample. Model training is carried out in the trusted execution environment according to the remote sensing data sample, and the crop type identification model obtained through training is encrypted. And obtaining and storing the encryption model output by the trusted execution environment.

One or more embodiments of the present disclosure provide an identification data processing method based on remote sensing data, including: and receiving the public key generated by the trusted execution environment and transmitted by the second server. Encrypting the land parcel data according to the public key, and transmitting the encrypted land parcel data obtained by encryption to the second server. And obtaining an encryption identification result of the land parcel crop type of the target remote sensing data sent by the second server. The land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; and the encryption identification result is obtained by encrypting the land parcel crop type by the trusted execution environment according to the public key. And decrypting the encrypted identification result by using a private key paired with the public key to obtain the land parcel crop type so as to determine the land parcel crop type corresponding to the land parcel marking data submitted by the user.

One or more embodiments of the present specification provide a data processing apparatus based on remote sensing data, including: and the acquisition module is configured to acquire the encrypted land block data sent by the first server and transmit the encrypted land block data into the trusted execution environment. The encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key. And the decryption module is configured to decrypt the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and mark the land block crop type of the imported remote sensing data based on a decryption result to obtain a remote sensing data sample. The training module is configured to perform model training according to the remote sensing data samples in the trusted execution environment and encrypt a crop type recognition model obtained through training. And the storage module is configured to acquire and store the encryption model output by the trusted execution environment.

One or more embodiments of the present specification provide an identification data processing apparatus based on remote sensing data, including: and the receiving module is configured to receive the public key generated by the trusted execution environment and sent by the second server. And the encryption module is configured to encrypt the land block data according to the public key and send the encrypted land block data obtained by encryption to the second server. And the acquisition module is configured to acquire an encryption identification result of the land parcel crop type of the target remote sensing data sent by the second server. The land crop type is obtained by the second server after crop type identification is carried out on the incoming target remote sensing data by using a crop type identification model in the trusted execution environment. And the encryption identification result is obtained by encrypting the land parcel crop type by the trusted execution environment according to the public key. And the decryption module is configured to decrypt the encrypted identification result by using a private key matched with the public key to obtain the type of the land parcel crops so as to determine the type of the land parcel crops corresponding to the land parcel marking data submitted by the user.

One or more embodiments of the present specification provide a data processing apparatus based on telemetry data, including: a processor; and a memory configured to store computer-executable instructions that, when executed, cause the processor to: and acquiring the encrypted land block data sent by the first server and transmitting the encrypted land block data into a trusted execution environment. The encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key. And decrypting the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and marking the type of the land block crop on the imported remote sensing data based on a decryption result to obtain a remote sensing data sample. Model training is carried out in the trusted execution environment according to the remote sensing data sample, and the crop type identification model obtained through training is encrypted. And obtaining and storing the encryption model output by the trusted execution environment.

One or more embodiments of the present specification provide an identification data processing apparatus based on remote sensing data, including: a processor; and a memory configured to store computer-executable instructions that, when executed, cause the processor to: and receiving the public key generated by the trusted execution environment and transmitted by the second server. Encrypting the land parcel data according to the public key, and transmitting the encrypted land parcel data obtained by encryption to the second server. And obtaining an encryption identification result of the land parcel crop type of the target remote sensing data sent by the second server. The land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; and the encryption identification result is obtained by encrypting the land parcel crop type by the trusted execution environment according to the public key. And decrypting the encrypted identification result by using a private key paired with the public key to obtain the land parcel crop type so as to determine the land parcel crop type corresponding to the land parcel marking data submitted by the user.

One or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following: and acquiring the encrypted land block data sent by the first server and transmitting the encrypted land block data into a trusted execution environment. The encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key. And decrypting the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and marking the type of the land block crop on the imported remote sensing data based on a decryption result to obtain a remote sensing data sample. Model training is carried out in the trusted execution environment according to the remote sensing data sample, and the crop type identification model obtained through training is encrypted. And obtaining and storing the encryption model output by the trusted execution environment.

One or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following: and receiving the public key generated by the trusted execution environment and transmitted by the second server. Encrypting the land parcel data according to the public key, and transmitting the encrypted land parcel data obtained by encryption to the second server. And obtaining an encryption identification result of the land parcel crop type of the target remote sensing data sent by the second server. The land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; and the encryption identification result is obtained by encrypting the land parcel crop type by the trusted execution environment according to the public key. And decrypting the encrypted identification result by using a private key paired with the public key to obtain the land parcel crop type so as to determine the land parcel crop type corresponding to the land parcel marking data submitted by the user.

Drawings

For a clearer description of one or more embodiments of the present description or of the solutions of the prior art, the drawings that are needed in the description of the embodiments or of the prior art will be briefly described below, it being obvious that the drawings in the description that follow are only some of the embodiments described in the present description, from which other drawings can be obtained, without inventive faculty, for a person skilled in the art;

FIG. 1 is a process flow diagram of a data processing method based on remote sensing data according to one or more embodiments of the present disclosure;

FIG. 2 is a timing diagram of a data processing method based on telemetry data applied to a model training scenario according to one or more embodiments of the present disclosure;

FIG. 3 is a timing diagram of a data processing method based on remote sensing data applied to a remote sensing image recognition scene according to one or more embodiments of the present disclosure;

FIG. 4 is a process flow diagram of an identification data processing method based on remote sensing data according to one or more embodiments of the present disclosure;

FIG. 5 is a schematic diagram of a data processing apparatus based on remote sensing data according to one or more embodiments of the present disclosure;

FIG. 6 is a schematic diagram of an identification data processing device based on remote sensing data according to one or more embodiments of the present disclosure;

FIG. 7 is a schematic diagram of a data processing apparatus based on remote sensing data according to one or more embodiments of the present disclosure;

fig. 8 is a schematic structural diagram of an identification data processing device based on remote sensing data according to one or more embodiments of the present disclosure.

Detailed Description

In order to enable a person skilled in the art to better understand the technical solutions in one or more embodiments of the present specification, the technical solutions in one or more embodiments of the present specification will be clearly and completely described below with reference to the drawings in one or more embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one or more embodiments of the present disclosure without inventive effort, are intended to be within the scope of the present disclosure.

The embodiment of a data processing method based on remote sensing data is provided in the specification:

referring to fig. 1, a processing flow chart of a data processing method based on remote sensing data provided by the present embodiment is shown, referring to fig. 2, a timing chart of a data processing method based on remote sensing data provided by the present embodiment is shown, and referring to fig. 3, a timing chart of a data processing method based on remote sensing data provided by the present embodiment is shown, which is applied to a model training scene.

Referring to fig. 1, the data processing method based on remote sensing data provided in the present embodiment is applied to a second server, and specifically includes steps S102 to S108.

Step S102, the encrypted land block data sent by the first server is obtained and is transmitted into a trusted execution environment.

In practical application, the combination of satellite remote sensing and artificial intelligence promotes the development and progress of agricultural technology, in the application process of agricultural technology, the data of peasant households are often involved, in order to protect the compliance requirement of peasant households' privacy data, the data processing method based on remote sensing data provided by the embodiment establishes TEE (Trusted Execution Environment ) through the organization domain storing remote sensing data, establishes a data joint calculation mode between the organization domain and the service domain, completes the training and identification of remote sensing data, protects the remote sensing data of the organization domain from leakage, and places the land parcel data of the service domain in the organization domain in an encrypted form, so that the organization domain cannot check the land parcel data of the service domain, calculates the remote sensing data of the organization domain and the land parcel data of the service domain in the encrypted form, sends the calculation result to the service domain in the organization domain, in particular, carries out model training by utilizing the remote sensing data of the organization domain and the land parcel data of the service domain, obtains a crop identification model, identifies the unknown crop type, and sends the identification result to the organization domain after encryption, so that the privacy protection data of the organization cannot leak the remote sensing data.

The first server in this embodiment is a server deployed in a service domain; the first server stores the land parcel data; the first server encrypts the land parcel data based on a public key to obtain the land parcel data; the land block data comprises position data of a land block and crop type data corresponding to the land block; the first server encrypts stored land block data according to a public key generated and transmitted by a TEE deployed in an institution domain, and transmits encrypted land block data obtained by encryption to the second server; the second server is a server deployed in an institution domain, and specifically comprises a data server and a trusted server; the data server refers to a server for storing remote sensing data; the trusted server is a server for deploying the TEE; further, the second server may include only the data server or the trusted server, in which case the TEE is deployed in the data server, and the remote sensing data is stored in the data server at a place other than the TEE; in the case where the second server comprises the trusted server, the telemetry data is stored in the trusted server at a location other than the TEE.

In a specific implementation, in order to ensure data privacy, avoid other mechanism domains from viewing data input into the TEE and output by the TEE, so that only the designated mechanism domain can view the data, in an optional implementation provided in this embodiment, before the encrypted land block data is obtained, the following steps are further executed:

generating a key pair in the trusted execution environment; the key pair includes the private key and the public key;

the trusted server acquires the public key output by the trusted execution environment and forwards the public key to the first server through the data server;

wherein the key pair is transmitted to the key server by the second server for storage after generation.

Specifically, the TEE generates a key pair including a public key and a private key and outputs the key pair to the trusted server, the trusted server transmits the generated public key to the first server of the service domain, so that the first server encrypts the stored parcel data according to the public key, and in order to be able to decrypt the encrypted identification result after receiving the encrypted identification result output by the TEE, the trusted server transmits the generated key to a third party server (key server) selected by the institution domain and the service domain together for storage, so that the first server makes a call.

In the process that the first server sends the encrypted parcel data to the second server, the encrypted parcel data is firstly sent to the data server, and then the data server sends the encrypted parcel data to the trusted server, and the trusted server sends the encrypted parcel data to the TEE. Firstly, the data server acquires the encrypted land block data sent by a first server and forwards the encrypted land block data to the trusted server; and the trusted server transmits the encrypted land block data to the trusted execution environment through a connection interface.

For example, the TEE generates an asymmetric public key private key pair and outputs the asymmetric public key pair to the trusted server, the trusted server sends the asymmetric public key to the data server and then the data server sends the asymmetric public key pair to the server of the service domain, in order to prevent the data server from sending other asymmetric public keys to cause leakage of the parcel data of the server of the service domain, the TEE and the server of the service domain are used to jointly monitor a transmission process of the asymmetric public key, the server of the service domain encrypts the parcel data by using the asymmetric public key and sends the encrypted parcel data to the data server, and the data server forwards the encrypted parcel data to the trusted server, and the server transmits the encrypted parcel data to the TEE through a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) interface.

In specific implementation, model training is performed according to remote sensing data marked with crop types, in order to improve the efficiency of model training and reduce the processing of data in the model training process, the remote sensing data of unmarked crop types stored in a data server are required to be preprocessed, the remote sensing data obtained by preprocessing are transmitted to a TEE, and the complexity of data processing in the model training process is reduced.

Preprocessing initial remote sensing data in the data server to obtain the remote sensing data, and sending the remote sensing data to the trusted server;

the trusted server transmits the remote sensing data to the trusted execution environment through a connection interface;

the preprocessing of the initial remote sensing data comprises at least one of the following steps:

performing radiation correction on the initial remote sensing data, performing geometric correction on the initial remote sensing data, performing parameter extraction processing on the initial remote sensing data and/or performing classification processing on the initial remote sensing data.

For example, the data server in the institution domain eliminates or corrects the distortion of the remote sensing image caused by the radiation error, corrects and eliminates the distortion of the original image caused by factors such as photographic material deformation, objective lens distortion, atmospheric refraction, earth curvature, earth rotation, topography fluctuation and the like when the characteristics such as the geometric position, shape, size, orientation and the like of each feature on the original image are inconsistent with the expression requirements in the reference system through a series of models, performs parameter extraction on the remote sensing image obtained through radiation correction and geometric correction, extracts the cultivated land part in the remote sensing image, and sends the finally obtained remote sensing image to the trusted server, and then the trusted server transmits the remote sensing image to the TEE through the PCI interface.

The process that the data server sends the encrypted land parcel data to the trusted server and the process that the data server sends the remote sensing data to the trusted server can be that the data server sends the encrypted land parcel data to the trusted server first and then sends the remote sensing data; the data server may also preprocess the initial remote sensing data under the condition of receiving the encrypted land block data, and then send the remote sensing data obtained by the preprocessing and the encrypted land block data to the trusted server.

And step S104, decrypting the encrypted land block data in the trusted execution environment based on a private key paired with the public key, and marking the type of the land block crop on the incoming remote sensing data based on a decryption result to obtain a remote sensing data sample.

The land parcel crop type mark is a process of matching the crop type contained in the land parcel data with the remote sensing data according to the position information of the remote sensing data and the position information of the land parcel data.

In a specific implementation, after receiving the encrypted parcel data, the TEE needs to decrypt the encrypted parcel data to obtain parcel data, and in an alternative implementation provided in this embodiment, the encrypted parcel data is decrypted by:

Sending a private key inquiry request to a key server; the key server generates a private key viewing reminder based on the private key inquiry request and sends the private key viewing reminder to the first server;

acquiring the private key sent by the key server under the condition that the first server submits a confirmation instruction aiming at the private key viewing reminding submission;

decrypting the encrypted parcel data based on the private key.

Specifically, in order to ensure data privacy, a key pair generated by the TEE is stored in a key server selected by the institution domain and the service domain together, and in order to avoid private data disclosure caused by calling the key pair by other servers, the key pair can be called only under the condition that the institution domain and the service domain are confirmed; the key pair is generated by the TEE, or may be stored in both the TEE and the key server, and the TEE may perform processing such as decryption and encryption according to the stored key pair when the TEE needs to use the key pair, and the server on the service side may query the key server when the TEE needs to use the key pair.

For example, when the TEE receives the incoming encrypted parcel data, a private key query request is generated and output, the trusted server sends the private key query request to a third party server through the data server, the third party server sends a private key viewing reminder to a server of the service domain according to the private key query request, and sends an asymmetric private key to the trusted server and then the trusted server sends the asymmetric private key to the TEE when the server of the service domain submits a confirmation instruction for the private key viewing reminder. Wherein, in order to avoid the data server from decrypting the encrypted parcel data with the private key, the encrypted parcel data can be marked, the encrypted parcel data is set to be automatically deleted, and the encrypted parcel data is automatically deleted after the data server is detected to have sent the encrypted parcel data to the trusted server; the private key can be set with authority under the condition that the private key is sent by the key server, and the private key data can be accessed only by the authority.

In practical application, for a service domain providing agricultural technology service, in order to reduce service cost and promote popularization and promotion of agricultural technology, the service domain needs to cooperate with a data operation mechanism domain similar to a resource satellite center, specifically, the service domain uses a full-scale download server established abroad to download remote sensing images, and then the remote sensing images are accelerated to be copied to China through an OSS (Object Storage Service, an Arian object storage service) and then are analyzed by combining land data, but the data download needs to consume storage and bandwidth cost; in a domestic satellite scene, remote sensing data does not establish a commercial download platform, so that the problem of non-compliance exists in acquiring the remote sensing data from an organization domain for managing the remote sensing data, even if the remote sensing data can be acquired from the organization domain, resources, broadband and data purchase cost are consumed, and in addition, if land parcel data of a service domain are sent to the organization domain for calculation, the data privacy rights of the service domain are violated, and the remote sensing data are still non-compliance.

In this embodiment, by deploying a TEE in an organization domain, sending land parcel data of a service domain to the TEE in an encrypted form, sending remote sensing data of the organization domain to the TEE, training a model with crop type recognition capability in the TEE, recognizing the remote sensing data by using the obtained crop type recognition model, and finally sending an encrypted recognition result to the service domain, thereby ensuring that the data of the organization domain cannot go out of the domain and ensuring the security of the data of the outgoing domain.

In a specific implementation, after decrypting the encrypted land parcel data to obtain the land parcel data, in order to train a model with crop type recognition capability, a remote sensing data sample is required to be determined according to the land parcel data and the remote sensing data, and then model training is performed according to the remote sensing data sample, in an alternative implementation provided in this embodiment, the remote sensing data sample is obtained by the following manner:

performing position matching on the land parcel data and the remote sensing data based on the position information in the land parcel data and the position information in the remote sensing data obtained through decryption;

and marking the crop types at the remote sensing plots successfully matched according to the crop type information in the plot data.

Specifically, first, position matching is performed according to the land parcel data and the remote sensing data, that is, the position in the land parcel data corresponds to the position on the remote sensing data, and under the condition of position matching, the crop type information in the land parcel information is marked as the crop type information of the remote sensing data corresponding to the position, so as to obtain a remote sensing data sample.

It should be noted that, the marking of the land parcel type of the remote sensing data based on the decryption result may be performed by the TEE; after the TEE decrypts the encrypted land block data, marking the type of the land block crop on the basis of the decryption result on the input remote sensing data to obtain a remote sensing data sample; in addition, after the TEE decrypts the encrypted land block data, the decryption result and the remote sensing data are input into the model, the model performs land block crop type marking on the input remote sensing data based on the decryption result to obtain a remote sensing data sample, and then model training is performed according to the remote sensing data sample.

For example, the TEE decrypts the encrypted land block data according to the private key sent by the key server to obtain the land block data, inputs the land block data and the remote sensing data into a U-Net model, and the U-Net model performs semantic segmentation on the remote sensing image according to the land block data to obtain a remote sensing data sample.

And step S106, performing model training according to the remote sensing data sample in the trusted execution environment, and encrypting a crop type identification model obtained by training.

The crop type recognition model is a model with accuracy and recall rate which are obtained by training the remote sensing data sample and meet preset conditions, such as a U-Net model obtained by training.

In a specific implementation, in order to make the recognition result of the crop type recognition model more accurate and more effective, after training a model meeting a certain accuracy and recall, the model is used as the crop type recognition model, and in an alternative implementation provided in this embodiment, model training is specifically performed by the following manner:

dividing the remote sensing data sample into a training sample set and a test sample set;

model training is carried out based on the training sample set to obtain at least one candidate model;

inputting the test sample set into the candidate models, and determining the evaluation parameters of each candidate model according to the identification result of each candidate model;

And determining candidate models with evaluation parameters meeting preset conditions as the crop type identification models.

In order to improve the model training efficiency, the AI accelerator in the TEE is called to make the model training process more efficient.

For example, the remote sensing data samples are divided into training sample set test sample sets according to a certain proportion, at least one candidate U-Net model is trained by utilizing the training sample sets, the test sample sets are input into each candidate U-Net model, the accuracy and recall rate of each candidate U-Net model are obtained, and the candidate U-Net models with the accuracy and recall rate being larger than those of other candidate U-Net models are determined to be used as crop type recognition models for crop type recognition.

In order to further ensure the security of the private data and prevent the private data from being revealed, the obtained crop type recognition model is stored in an encrypted form, and the trained crop type recognition model can be reloaded after the power failure is convenient, so that the crop type recognition model is prevented from being lost due to the power failure, the resource loss caused by repeated model training is avoided, and after the crop type recognition model is obtained through TEE training, the generated public key is firstly utilized to encrypt the crop type recognition model, and then the encrypted model is output.

Step S108, the encryption model output by the trusted execution environment is obtained and stored.

In the implementation, the trusted server stores the encryption model after acquiring the encryption model. In addition, after the trusted server obtains the encryption model, the encryption model can be sent to the server of the service domain through the data server, so that the service domain can identify the crop type of the obtained remote sensing data. Specifically, after the server of the service domain obtains the encryption model, the server invokes the private key stored in the key server to decrypt the encryption model, and stores the crop type identification model obtained by decryption.

After training to obtain the crop type recognition model, the crop type recognition model may be used to perform crop type recognition on the remote sensing data without the crop type, and in an alternative implementation provided in this embodiment, if the remote sensing data without the crop type is detected, the following steps are performed:

preprocessing initial target remote sensing data to obtain target remote sensing data, and loading the encryption model;

transmitting the encryption model and the target remote sensing data to the trusted execution environment;

decrypting the encryption model in the trusted execution environment, and identifying the crop type of the target remote sensing data according to the crop type identification model obtained by decryption.

In an optional implementation manner provided in this embodiment, in a process of preprocessing initial remote sensing data to be identified to obtain remote sensing data to be identified and loading the encryption model, first, preprocessing initial target remote sensing data in the data server, and sending target remote sensing data obtained by preprocessing to the trusted server; the trusted server loads the encryption model under the condition that the target remote sensing data is received; after the trusted server loads and obtains the encryption model, the encryption model and the target remote sensing data are both transmitted into the TEE, the TEE decrypts the encryption model by using the private key, and the target remote sensing data is input into the crop type identification model obtained by decryption.

Further, in an optional implementation manner provided in this embodiment, after the target remote sensing data is input into the crop type identification model obtained by decryption, the identified land crop type is encrypted in the trusted execution environment and output to the trusted server; the trusted server receives the encryption identification result and forwards the encryption identification result to the first server through a data server.

For example, in the model training stage, the input remote sensing data sample is obtained by performing semantic segmentation processing on the remote sensing data corresponding to the province P and the land block data, after the crop type recognition model is obtained, the national remote sensing data is required to be recognized, then the data server performs preprocessing on the national remote sensing data, the preprocessed remote sensing data is sent to the trusted server, after the remote sensing data is received, the trusted server loads the encryption model, the loaded encryption model and the remote sensing data are transmitted to the TEE through the PCI interface, the TEE decrypts the encryption model according to the generated asymmetric private key, the remote sensing data is input into the crop type recognition model obtained by decryption, after the crop type recognition module outputs the recognition result, in order to avoid the data server from checking the recognition result, the TEE encrypts and outputs the land block crop type obtained by recognition by using the generated asymmetric public key, and after the trusted server obtains the encryption recognition result, the encryption recognition result is sent to the server of the service domain.

In a specific implementation, after receiving the encrypted identification result, the first server cannot view the real identification result, and needs to decrypt and view the encrypted identification result, and in an alternative implementation provided in this embodiment, after receiving the encrypted identification result, the first server further performs the following operations:

sending a private key inquiry request to a key server;

acquiring the private key generated by the trusted execution environment and sent by the key server under the condition of receiving a confirmation instruction of a second server;

decrypting the encryption identification result based on the private key, and storing the land parcel crop type corresponding to the target remote sensing data obtained through decryption.

Specifically, after storing target remote sensing data and corresponding land parcel crop types, if target land parcel marking data submitted by a target user is detected, inquiring the target crop types corresponding to the target land parcel marking data according to the land parcel crop types; and determining a target service quota based on the target crop type and issuing the target service quota to the target user. The remote sensing method comprises the steps of firstly determining a corresponding remote sensing position according to position information of target land parcel marking data, then inquiring land parcel crop types corresponding to the remote sensing position, taking the inquired land parcel crop types as land parcel crop types corresponding to the target land parcel marking data, and determining target service quota corresponding to the land parcel crop types according to preset service rules to be issued to target users.

The following further describes the data processing method based on remote sensing data provided in this embodiment by taking the application of the data processing method based on remote sensing data provided in this embodiment to a model training scene as an example, and referring to fig. 2, the data processing method based on remote sensing data applied to the model training scene includes the following steps.

In step S206, the data server performs preprocessing on the initial remote sensing image when receiving the encrypted land block data.

Before that, the service domain server encrypts the parcel data according to the asymmetric public key generated by the trusted server, and sends the encrypted parcel data to the data server.

In step S208, the data server sends the encrypted land block data and the remote sensing image obtained by preprocessing to the trusted server, and the trusted server transmits the encrypted land block data and the remote sensing image to the TEE.

The TEE is deployed in the trusted server; both the trusted server and the data server are deployed in the organization domain.

In step S210, the TEE decrypts the encrypted parcel data according to the generated asymmetric private key.

And S212, inputting the decryption result and the remote sensing image into a model, and carrying out semantic segmentation on the remote sensing image in the model according to the decryption result to obtain a remote sensing image sample.

Step S214, performing model training based on the remote sensing image sample to obtain a crop type recognition model.

Step S216, encrypting the crop species identification model by using the generated asymmetric public key.

Step S218, the encryption model obtained by encryption is sent to a trusted server and stored.

The TEE training is used for obtaining a crop type recognition model, encrypting the crop type recognition model to obtain an encryption model, and outputting the encryption model to a trusted server for storage.

The following further describes the data processing method based on remote sensing data provided in this embodiment by taking the application of the data processing method based on remote sensing data provided in this embodiment to a remote sensing image recognition scene as an example, and referring to fig. 3, the data processing method based on remote sensing data applied to a remote sensing image recognition scene includes the following steps.

In step S302, the data server performs preprocessing on the target remote sensing image under the condition that the target remote sensing image is detected, and sends the processed target remote sensing image to the trusted server.

In step S304, the trusted server loads the encryption model and transmits the target remote sensing image and the encryption model to the TEE.

In step S306, the TEE decrypts the encrypted model with the asymmetric private key to obtain the crop type identification model.

Step S308, inputting the target remote sensing image into a crop type recognition model to recognize the crop type, and obtaining the land crop type.

And step S310, encrypting the land parcel crop types by using the asymmetric public key, and transmitting an encrypted identification result obtained by encryption to a data server through a trusted server.

In step S312, the data server transmits the encryption identification result to the service domain server.

And then, the service domain server decrypts the encrypted identification result by using the asymmetric private key and stores the decrypted land parcel crop type.

In summary, in the data processing method based on remote sensing data provided in this embodiment, firstly, encrypted parcel data obtained by encrypting parcel data according to a public key generated by a trusted execution environment and sent to the trusted execution environment is obtained, then the encrypted parcel data is decrypted in the trusted execution environment based on a private key paired with the public key, and the incoming remote sensing data is marked with a parcel crop type based on the decryption result, so as to obtain a remote sensing data sample, then the remote sensing data sample is subjected to model training in the trusted execution environment, the obtained crop type recognition model is encrypted, and finally, the encryption model output by the trusted execution environment is obtained and stored, so that the remote sensing data is subjected to crop type recognition by using the encryption model, the security of the remote sensing data is protected by the remote sensing data of an organization domain, the cost of purchasing the remote sensing data is reduced, and the data is transmitted in an encrypted form in the data processing process, so as to avoid data leakage.

The specification provides an identification data processing method embodiment based on remote sensing data:

referring to fig. 4, a process flow chart of an identification data processing method based on remote sensing data provided by the present embodiment is shown, referring to fig. 2, a time chart of a data processing method based on remote sensing data provided by the present embodiment is shown, and referring to fig. 3, a time chart of an identification data processing method based on remote sensing data provided by the present embodiment is shown.

Referring to fig. 4, the identification data processing method based on remote sensing data provided in the present embodiment is applied to a first server, and specifically includes the following steps S402 to S408.

Step S402, a public key generated by the trusted execution environment and sent by the second server is received.

The first server in this embodiment is a server deployed in a service domain; the first server stores the land parcel data; the first server encrypts stored land block data according to a public key generated and transmitted by a TEE deployed in an institution domain, and transmits encrypted land block data obtained by encryption to the second server; the second server is a server deployed in an institution domain, and specifically comprises a data server and a trusted server; the data server refers to a server for storing remote sensing data; the trusted server is a server for storing the TEE; furthermore, the second server may include only one between the data server and the trusted server, and the TEE may be directly stored in the data server storing remote sensing data; the telemetry data may also be stored in a trusted server hosting the TEE.

In specific implementation, in order to ensure data privacy, avoid other mechanism domains from viewing data input into the TEE and output by the TEE, so that only the designated mechanism domain can view the data, in an optional implementation provided in this embodiment, the key pair is obtained in the following manner:

And step S404, encrypting the land parcel data according to the public key, and transmitting the encrypted land parcel data obtained by encryption to the second server.

The first server encrypts the land parcel data based on a public key to obtain the land parcel data; the land parcel data comprises position data of a land parcel and crop type data corresponding to the land parcel.

In specific implementation, after the encrypted land block data is sent to the second server, the second server performs model training according to the encrypted land block data and the pre-stored remote sensing data, so that crop type identification can be performed by using a crop type identification model obtained through training. In an optional implementation manner provided in this embodiment, the crop species identification model is obtained by:

acquiring encrypted land block data sent by a first server and transmitting the encrypted land block data into a trusted execution environment; the encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key;

decrypting the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and marking the type of the land block crop on the imported remote sensing data based on a decryption result to obtain a remote sensing data sample;

and performing model training in the trusted execution environment according to the remote sensing data sample to obtain the crop type identification model.

In specific implementation, the trusted server performs model training according to remote sensing data marked with crop types, in order to improve the efficiency of model training and reduce the processing of data in the model training process, the remote sensing data of untagged crop types stored in the data server needs to be preprocessed, the remote sensing data obtained by preprocessing is then transmitted into the TEE, and the complexity of data processing in the model training process is reduced, wherein the remote sensing data is transmitted into the TEE in the following manner:

The process of sending the encrypted land block data to the trusted server by the data server and the process of sending the remote sensing data to the trusted server can be to send the encrypted land block data to the trusted server first and then send the remote sensing data; or under the condition of receiving the encrypted land block data, preprocessing the initial remote sensing data, and then transmitting the remote sensing data obtained by preprocessing and the encrypted land block data to a trusted server.

In particular, after receiving the encrypted parcel data, the TEE needs to decrypt the encrypted parcel data to obtain parcel data, and specifically decrypts the encrypted parcel data by:

decrypting the encrypted parcel data based on the private key.

In the specific implementation, after decrypting the encrypted land parcel data to obtain the land parcel data, in order to be able to train a model with the capability of identifying the type of the crop at the position, a remote sensing data sample is required to be determined according to the land parcel data and the remote sensing data, and then model training is performed according to the remote sensing data sample, wherein the remote sensing data sample is obtained specifically by the following method:

In specific implementation, in order to make the recognition result of the crop type recognition model more accurate and more effective, after training a model meeting a certain accuracy and recall rate, the model is used as the crop type recognition model, wherein the model training is specifically performed by the following modes:

After training to obtain the crop type recognition model, the crop type recognition model may be used to perform crop type recognition on remote sensing data not marked with a crop type, and in an optional implementation manner provided in this embodiment, if the second server detects the target remote sensing data, the second server obtains an encrypted recognition result of a land crop type of the target remote sensing data by:

decrypting the encryption model in the trusted execution environment, and identifying the crop type of the target remote sensing data according to the crop type identification model obtained by decryption;

encrypting the land parcel crop types obtained through identification in the trusted execution environment and outputting the encrypted land parcel crop types to the trusted server;

the trusted server receives the encryption identification result and forwards the encryption identification result to the first server through a data server.

In the process that the second server preprocesses initial remote sensing data to be recognized to obtain the remote sensing data to be recognized and loads the encryption model, preprocessing initial target remote sensing data in the data server, and sending the target remote sensing data obtained by preprocessing to the trusted server; the trusted server loads the encryption model under the condition that the target remote sensing data is received; after the trusted server loads and obtains the encryption model, the encryption model and the target remote sensing data are both transmitted into the TEE, the TEE decrypts the encryption model by using the private key, and the target remote sensing data is input into the crop type identification model obtained by decryption.

Further, the trusted execution environment encrypts the identified land crop types in the trusted execution environment and outputs the encrypted land crop types to the trusted server after inputting the target remote sensing data into the decrypted crop type identification model; the trusted server receives the encryption identification result and forwards the encryption identification result to the first server through the data server.

Step S406, obtaining an encrypted identification result of the land parcel crop type of the target remote sensing data sent by the second server.

The land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; and the encryption identification result is obtained by encrypting the land parcel crop type by the trusted execution environment according to the public key.

And step S408, decrypting the encrypted identification result by using a private key matched with the public key to obtain the type of the land parcel, so as to determine the type of the land parcel corresponding to the land parcel marking data submitted by the user.

In a specific implementation, after receiving the encrypted identification result, the first server cannot view the real identification result, and needs to decrypt the encrypted identification result and then view the encrypted identification result, and in an optional implementation provided in this embodiment, the process of decrypting the encrypted identification result by using the private key paired with the public key is implemented by executing the following steps:

sending an identification private key inquiry request to a key server;

acquiring a private key generated by the trusted execution environment and sent by the key server under the condition that a confirmation instruction of a second server is received;

Decrypting the encryption identification result based on the private key, and storing the decrypted land parcel crop type.

Specifically, after the first server stores the target remote sensing data and the corresponding land parcel crop types, in the optional implementation manner provided in this embodiment, if the target land parcel marking data submitted by the target user is detected, the target crop types corresponding to the target land parcel marking data are queried according to the land parcel crop types; and determining a target service quota based on the target crop type and issuing the target service quota to the target user. The remote sensing method comprises the steps of firstly determining a corresponding remote sensing position according to position information of target land parcel marking data, then inquiring land parcel crop types corresponding to the remote sensing position, taking the inquired land parcel crop types as land parcel crop types corresponding to the target land parcel marking data, and determining target service quota corresponding to the land parcel crop types according to preset service rules to be issued to target users.

The following further describes the remote sensing data based identification data processing method provided in this embodiment by taking the application of the remote sensing data based identification data processing method provided in this embodiment to a model training scene as an example, and referring to fig. 2, the remote sensing data based identification data processing method applied to the model training scene includes the following steps.

In step S202, the service domain server encrypts the parcel data according to the asymmetric public key generated by the trusted server.

Step S204, the encrypted land block data is sent to a data server.

After that, the data server carries out preprocessing on the initial remote sensing image under the condition that the encrypted land block data is received, the data server sends the encrypted land block data and the remote sensing image obtained through preprocessing to the trusted server, the trusted server sends the encrypted land block data into the TEE, the TEE decrypts the encrypted land block data according to the generated asymmetric private key, the decryption result and the remote sensing image are input into a model, the remote sensing image is subjected to semantic segmentation according to the decryption result in the model to obtain a remote sensing image sample, model training is carried out based on the remote sensing image sample to obtain a crop type identification model, the generated asymmetric public key is used for encrypting the crop type identification model, and the encrypted model obtained through encryption is sent to the trusted server and is stored.

The following further describes the remote sensing data-based identification data processing method provided in this embodiment, referring to fig. 3, by taking an application of the remote sensing data-based identification data processing method provided in this embodiment to a remote sensing image identification scene as an example, the remote sensing data-based identification data processing method applied to a remote sensing image identification scene includes the following steps.

In step S314, the service domain server decrypts the encrypted identification result by using the asymmetric private key, and stores the decrypted land parcel crop variety.

Before the method, under the condition that the target remote sensing image is detected, the data server carries out preprocessing on the target remote sensing image, the processed target remote sensing image is sent to the trusted server, the trusted server loads an encryption model, the target remote sensing image and the encryption model are transmitted into the TEE, the TEE decrypts the encryption model by using an asymmetric private key to obtain a crop type identification model, the target remote sensing image is input into the crop type identification model to carry out crop type identification, the type of the land parcel crop is obtained, the type of the land parcel crop is encrypted by using an asymmetric public key, an encrypted identification result obtained by encryption is sent to the data server by the trusted server, and the data server sends the encrypted identification result to the service domain server.

In summary, in the identification data processing method based on remote sensing data provided in this embodiment, firstly, a public key generated by a trusted execution environment and sent by a second server is received, then, the encrypted parcel data obtained by encryption is encrypted according to the public key and sent to the second server, then, the encrypted identification result of the parcel type of the target remote sensing data sent by the second server is obtained, finally, the encrypted identification result is decrypted by using a private key paired with the public key to obtain the parcel type, so as to determine the parcel type corresponding to parcel labeling data submitted by a user, and thus, the data of the organization domain and the service domain are jointly calculated under the condition that the data of the organization domain and the service domain are not leaked outwards.

An embodiment of a data processing device based on remote sensing data provided in the present specification is as follows:

in the foregoing embodiments, a data processing method based on remote sensing data is provided, and a data processing device based on remote sensing data is provided correspondingly, which will be described with reference to the accompanying drawings.

Referring to fig. 5, a schematic diagram of a data processing device based on remote sensing data according to the present embodiment is shown.

Since the apparatus embodiments correspond to the method embodiments, the description is relatively simple, and the relevant portions should be referred to the corresponding descriptions of the method embodiments provided above. The device embodiments described below are merely illustrative.

The embodiment provides a data processing device based on remote sensing data, which comprises:

an obtaining module 502, configured to obtain the encrypted parcel data sent by the first server and send the encrypted parcel data to the trusted execution environment; the encrypted land parcel data is obtained by encrypting the land parcel data by the first server based on a public key;

a decryption module 504, configured to decrypt the encrypted land block data based on a private key paired with the public key in the trusted execution environment, and perform land block crop type marking on the incoming remote sensing data based on a decryption result, to obtain a remote sensing data sample;

A training module 506 configured to perform model training according to the remote sensing data sample in the trusted execution environment, and encrypt a crop species identification model obtained by training;

a storage module 508 configured to obtain and store an encryption model of the trusted execution environment output.

The embodiment of the identification data processing device based on remote sensing data provided in the specification is as follows:

in the foregoing embodiments, a method for processing identification data based on remote sensing data is provided, and an apparatus for processing identification data based on remote sensing data is provided correspondingly, which will be described with reference to the accompanying drawings.

Referring to fig. 6, a schematic diagram of an identification data processing device based on remote sensing data according to the present embodiment is shown.

The present embodiment provides an identification data processing device based on remote sensing data, including:

a receiving module 602 configured to receive a public key generated by the trusted execution environment and sent by the second server;

An encryption module 604 configured to encrypt the parcel data according to the public key, and transmit the encrypted parcel data obtained by the encryption to the second server;

an obtaining module 606, configured to obtain an encrypted identification result of the land parcel crop type of the target remote sensing data sent by the second server; the land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; the encryption recognition result is obtained by encrypting the land parcel crop variety by the trusted execution environment according to the public key;

and the decryption module 608 is configured to decrypt the encrypted identification result by using a private key paired with the public key to obtain the type of the land parcel, so as to determine the type of the land parcel corresponding to the land parcel marking data submitted by the user.

in response to the foregoing description of a data processing method based on remote sensing data, based on the same technical concept, one or more embodiments of the present disclosure further provide a data processing device based on remote sensing data, where the data processing device based on remote sensing data is configured to perform the foregoing provided data processing method based on remote sensing data, and fig. 7 is a schematic structural diagram of a data processing device based on remote sensing data provided by one or more embodiments of the present disclosure.

The data processing device based on remote sensing data provided in this embodiment includes:

as shown in fig. 7, the data processing device based on telemetry data may have a relatively large difference due to different configurations or performances, and may include one or more processors 701 and a memory 702, where the memory 702 may store one or more storage applications or data. Wherein the memory 702 may be transient storage or persistent storage. The application programs stored in the memory 702 may include one or more modules (not shown) each of which may include a series of computer executable instructions in a telemetry-based data processing apparatus. Still further, the processor 701 may be configured to communicate with the memory 702 and execute a series of computer executable instructions in the memory 702 on a telemetry data based data processing apparatus. The telemetry-based data processing device may also include one or more power sources 703, one or more wired or wireless network interfaces 704, one or more input/output interfaces 705, one or more keyboards 706, and the like.

In a particular embodiment, a telemetry-based data processing apparatus includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the telemetry-based data processing apparatus, and the execution of the one or more programs by the one or more processors comprises computer-executable instructions for:

model training is carried out according to the remote sensing data sample in the trusted execution environment, and a crop type identification model obtained through training is encrypted;

and obtaining and storing the encryption model output by the trusted execution environment.

in response to the foregoing description of a method for processing identification data based on remote sensing data, based on the same technical concept, one or more embodiments of the present disclosure further provide an identification data processing device based on remote sensing data, where the identification data processing device based on remote sensing data is used to execute the foregoing provided method for processing identification data based on remote sensing data, and fig. 8 is a schematic structural diagram of an identification data processing device based on remote sensing data provided by one or more embodiments of the present disclosure.

The identification data processing device based on remote sensing data provided in this embodiment includes:

as shown in fig. 8, the remote sensing data based identification data processing apparatus may have a relatively large difference due to different configurations or performances, and may include one or more processors 801 and a memory 802, where one or more storage applications or data may be stored in the memory 802. Wherein the memory 802 may be transient storage or persistent storage. The application program stored in the memory 802 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for identifying the data processing apparatus based on telemetry data. Still further, the processor 801 may be configured to communicate with the memory 802 and execute a series of computer executable instructions in the memory 802 on the telemetry-based identification data processing device. The telemetry-based identification data processing device may also include one or more power sources 803, one or more wired or wireless network interfaces 804, one or more input/output interfaces 805, one or more keyboards 806, and the like.

In a specific embodiment, the telemetry-based identification data processing device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the telemetry-based identification data processing device, and configured for execution by the one or more processors, the one or more programs comprising computer-executable instructions for:

receiving a public key generated by a trusted execution environment and sent by a second server;

encrypting the land parcel data according to the public key, and transmitting the encrypted land parcel data obtained by encryption to the second server;

obtaining an encryption identification result of the land parcel crop type of the target remote sensing data sent by the second server; the land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; the encryption recognition result is obtained by encrypting the land parcel crop variety by the trusted execution environment according to the public key;

And decrypting the encrypted identification result by using a private key paired with the public key to obtain the land parcel crop type so as to determine the land parcel crop type corresponding to the land parcel marking data submitted by the user.

An embodiment of a storage medium provided in the present specification is as follows:

in response to the foregoing description of a data processing method based on remote sensing data, one or more embodiments of the present disclosure further provide a storage medium based on the same technical concept.

The storage medium provided in this embodiment is configured to store computer executable instructions, where the computer executable instructions when executed implement the following procedures:

It should be noted that, in the present specification, the embodiment about the storage medium and the embodiment about the data processing method based on the remote sensing data are based on the same inventive concept, so that the specific implementation of this embodiment may refer to the implementation of the corresponding method, and the repetition is omitted.

in response to the above description of an identification data processing method based on remote sensing data, one or more embodiments of the present disclosure further provide a storage medium based on the same technical concept.

It should be noted that, in the present specification, the embodiment about the storage medium and the embodiment about the identification data processing method based on the remote sensing data are based on the same inventive concept, so that the specific implementation of this embodiment may refer to the implementation of the foregoing corresponding method, and the repetition is omitted.

The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

In the 30 s of the 20 th century, improvements to one technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or software (improvements to the process flow). However, with the development of technology, many improvements of the current method flows can be regarded as direct improvements of hardware circuit structures. Designers almost always obtain corresponding hardware circuit structures by programming improved method flows into hardware circuits. Therefore, an improvement of a method flow cannot be said to be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the programming of the device by a user. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented by using "logic compiler" software, which is similar to the software compiler used in program development and writing, and the original code before the compiling is also written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), but not just one of the hdds, but a plurality of kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), lava, lola, myHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently most commonly used. It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in a pure computer readable program code, it is well possible to implement the same functionality by logically programming the method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and means for performing various functions included therein may also be regarded as structures within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.

The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each unit may be implemented in the same piece or pieces of software and/or hardware when implementing the embodiments of the present specification.

One skilled in the relevant art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

The present description is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus based on telemetry data to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element. One or more embodiments of the present specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices. In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.

The foregoing description is by way of example only and is not intended to limit the present disclosure. Various modifications and changes may occur to those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. that fall within the spirit and principles of the present document are intended to be included within the scope of the claims of the present document.

Claims

1. A data processing method based on remote sensing data, applied to a second server deployed in an institution domain, the method comprising:

acquiring encrypted land block data sent by a first server and transmitting the encrypted land block data into a trusted execution environment; the first server is deployed in a service domain;

decrypting the encrypted land block data in the trusted execution environment, and marking the type of the land block crop on the incoming remote sensing data based on the decryption result to obtain a remote sensing data sample;

2. The remote sensing data based data processing method of claim 1, the second server comprising a data server and a trusted server, the data server and the trusted server being deployed in an organization domain.

3. The remote sensing data-based data processing method according to claim 2, wherein the step of acquiring the encrypted parcel data sent by the first server and transmitting the encrypted parcel data to the trusted execution environment comprises the steps of:

the data server acquires the encrypted land parcel data sent by the first server and forwards the encrypted land parcel data to the trusted server;

the trusted server transmits the encrypted parcel data to the trusted execution environment through a connection interface.

4. The remote sensing data based data processing method according to claim 2, wherein the decrypting the encrypted land parcel data in the trusted execution environment, and performing land parcel type marking on the incoming remote sensing data based on the decryption result, further comprises, before the performing of the obtaining the remote sensing data sample step:

5. The remote sensing data-based data processing method according to claim 2, wherein before the step of acquiring the encrypted parcel data sent by the first server and transmitting the encrypted parcel data to the trusted execution environment is performed, the method further comprises:

generating a key pair in the trusted execution environment; the key pair comprises a private key and a public key;

6. The remote sensing data-based data processing method according to claim 1, wherein the performing of the land parcel type marking on the incoming remote sensing data based on the decryption result comprises:

7. The remote sensing data based data processing method of claim 1, the model training in the trusted execution environment from the remote sensing data samples, comprising:

8. The remote sensing data based data processing method of claim 1, said decrypting the encrypted parcel data in the trusted execution environment, comprising:

decrypting the encrypted parcel data based on the private key.

9. The remote sensing data based data processing method according to claim 2, further comprising, after the step of obtaining and storing the encryption model output by the trusted execution environment is performed:

10. The remote sensing data-based data processing method according to claim 9, wherein after decrypting the encryption model in the trusted execution environment and performing the crop species identification step on the target remote sensing data according to the crop species identification model obtained by decryption, further comprising:

11. The remote sensing data-based data processing method according to claim 9, wherein the preprocessing the initial target remote sensing data to obtain target remote sensing data, and loading the encryption model, includes:

Preprocessing initial target remote sensing data in the data server, and transmitting the target remote sensing data obtained by preprocessing to the trusted server;

the trusted server loads the encryption model under the condition that the target remote sensing data is received.

12. The data processing method based on remote sensing data according to claim 10, wherein after the first server receives the encrypted identification result, the following operations are performed:

sending a private key inquiry request to a key server;

13. An identification data processing method based on remote sensing data is applied to a first server deployed in a service domain, and the method comprises the following steps:

receiving a public key generated by a trusted execution environment and sent by a second server; the second server is deployed in the mechanism domain;

14. The remote sensing data based identification data processing method of claim 13, further comprising:

if target land parcel labeling data submitted by a target user is detected, inquiring a target crop type corresponding to the target land parcel labeling data according to the land parcel crop type;

and determining a target service quota based on the target crop type and issuing the target service quota to the target user.

15. The remote sensing data-based identification data processing method according to claim 13, wherein decrypting the encrypted identification result with a private key paired with the public key to obtain the land parcel category comprises:

Sending an identification private key inquiry request to a key server;

16. The remote sensing data based identification data processing method of claim 13, the second server comprising a data server and a trusted server, the data server and the trusted server being deployed in an institutional domain;

the public key and the private key are key pairs generated for the trusted execution environment; the key pair is sent to a key server for storage by the second server after generation.

17. The remote sensing data based identification data processing method according to claim 16, wherein the second server acquires and transmits the encrypted identification result by:

preprocessing initial target remote sensing data to obtain target remote sensing data, and loading an encryption model;

18. The identification data processing method based on remote sensing data according to claim 13, wherein the crop species identification model is obtained by:

19. The remote sensing data based identification data processing method according to claim 16, wherein the second server performs the following operations before the step of receiving the public key generated by the trusted execution environment and transmitted by the second server is performed:

the trusted server acquires the public key output by the trusted execution environment and forwards the public key to the first server through the data server.

20. A data processing device based on remote sensing data, disposed on a second server disposed in an institution domain, the device comprising:

the acquisition module is configured to acquire the encrypted land block data sent by the first server and transmit the encrypted land block data into the trusted execution environment; the first server is deployed in a service domain;

the decryption module is configured to decrypt the encrypted land block data in the trusted execution environment, and mark the type of the land block crop on the input remote sensing data based on the decryption result to obtain a remote sensing data sample;

the training module is configured to perform model training according to the remote sensing data sample in the trusted execution environment and encrypt a crop type recognition model obtained by training;

and the storage module is configured to acquire and store the encryption model output by the trusted execution environment.

21. An identification data processing device based on remote sensing data, which is arranged on a first server deployed in a service domain, the device comprising:

The receiving module is configured to receive a public key generated by the trusted execution environment and sent by the second server; the second server is deployed in the mechanism domain;

the encryption module is configured to encrypt the land block data according to the public key and send the encrypted land block data obtained by encryption to the second server;

the acquisition module is configured to acquire an encryption identification result of the land parcel crop type of the target remote sensing data sent by the second server; the land crop type is obtained by the second server after crop type identification is carried out on the target remote sensing data transmitted by using a crop type identification model in the trusted execution environment; the encryption recognition result is obtained by encrypting the land parcel crop variety by the trusted execution environment according to the public key;

and the decryption module is configured to decrypt the encrypted identification result by using a private key matched with the public key to obtain the type of the land parcel crops so as to determine the type of the land parcel crops corresponding to the land parcel marking data submitted by the user.

22. A data processing device based on remote sensing data, disposed on a second server deployed in an institution domain, the device comprising:

A processor; the method comprises the steps of,

a memory configured to store computer-executable instructions that, when executed, cause the processor to:

23. An identification data processing device based on remote sensing data, disposed on a first server deployed in a service domain, the device comprising:

a processor; the method comprises the steps of,

24. A storage medium disposed on a second server disposed in an organization domain, the storage medium configured to store computer-executable instructions that, when executed, implement the following:

25. A storage medium disposed on a first server disposed in a service domain, the storage medium configured to store computer-executable instructions that, when executed, implement the following: