CN110944052A - File transmission method, device, system, electronic equipment and storage medium - Google Patents

Publication number
CN110944052A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911211598.8A
Other languages
Chinese (zh)
Inventor
张首斌
潘季明
薛智慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a file transmission method, device, system, electronic equipment and storage medium, and belongs to the field of file transmission. When a client transmits a file to a server, it first obtains the virtual address of the server, then queries a network database and constructs a first negotiation tunnel for transmitting attribute information of the file to be sent. The server generates file blocking information for the file to be sent according to the attribute information, and queries the network database to construct a second negotiation tunnel, through which it sends the file blocking information to the client. The client determines the number of data sending tunnels for the file to be sent according to the file blocking information, creates that number of data sending tunnels in real time, and then sends the data to the server through them. Throughout the file transmission process every tunnel runs in a darknet environment, and because darknet nodes cannot be traced, the security of file transmission is improved.

Description

File transmission method, device, system, electronic equipment and storage medium
Technical Field
The present application relates to the field of file transmission, and in particular, to a file transmission method, apparatus, system, electronic device, and storage medium.
Background
In the prior art, when a file needs to be transmitted, the file is generally fragmented and delivered to different transmission links for transmission. In the meantime, different transmission links can use different keys to encrypt the fragmented files, so as to reduce the probability of file cracking.
However, when a file is transmitted in this way, the whole process runs on a public network, so the file is still easy to steal or crack, which poses a security risk to the file.
Disclosure of Invention
In view of the above, an object of the present application is to provide a file transmission method, device, system, electronic device and storage medium, which ensure security during file transmission by establishing a tunnel on a dark network to transmit a file.
The embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a file transmission method applied to a client included in a file transmission system, where the file transmission system further includes a server and a node cluster operating in a darknet, the node cluster includes a plurality of darknet nodes connected to each other, and the virtual addresses of the client, the server and each darknet node, together with the routing information of each darknet node, are shared to a network database. The method comprises the following steps: acquiring a file to be sent, wherein the file to be sent comprises the virtual address of the server corresponding to the file to be sent; querying the network database to obtain the routing information of each darknet node, and constructing a first negotiation tunnel with the client's own virtual address as a starting point and the virtual address of the server as an end point; sending attribute information of the file to be sent to the server through the first negotiation tunnel; acquiring, through a second negotiation tunnel, file blocking information that is sent by the server and corresponds to the file to be sent, wherein the second negotiation tunnel is constructed by the server with the virtual address of the server as a starting point and the virtual address of the client as an end point; determining the number of data sending tunnels according to the file blocking information and establishing that number of data sending tunnels; and sending the file to be sent to the server through the data sending tunnels. The first negotiation tunnel, the second negotiation tunnel and the data sending tunnels each comprise a darknet node.
With reference to the first aspect, in a possible implementation manner, the file blocking information includes a file block number N, the node cluster includes Y darknet nodes, and the number of reference nodes preconfigured by the client is X; determining the number of data sending tunnels according to the file blocking information and establishing the corresponding number of data sending tunnels includes: determining the number M of data sending tunnels according to the size relationship among N, Y and X; and creating M data sending tunnels between the client and the server.
With reference to the embodiment of the first aspect, in a possible implementation manner, the determining, according to a size relationship among N, Y, and X, that the number of data transmission tunnels is M includes: upon determining that the product of X and N is less than or equal to Y, determining that the value of M is the same as the value of N; upon determining that the product of X and N is greater than Y, determining that the value of M is less than the value of N.
With reference to the embodiment of the first aspect, in a possible implementation manner, the sending the file to be sent to the server through the data sending tunnel includes: splitting the file to be sent into N sub-files corresponding to the file block number N; when the value of M is the same as that of N, the N sub-files are sent to the server through the M data sending tunnels in a mode that one sub-file corresponds to one data sending tunnel; and when the value of M is smaller than the value of N, sending the N sub-files to the server through the M data sending tunnels in a form that the plurality of sub-files correspond to one data sending tunnel, wherein each data sending tunnel at least corresponds to one sub-file.
With reference to the embodiment of the first aspect, in a possible implementation manner, an encryption algorithm database containing a correspondence between an encryption algorithm identifier and an encryption algorithm is stored in the client, the file blocking information includes an encryption algorithm identifier, and the sending the N sub-files to the server through the M data sending tunnels includes: inquiring the encryption algorithm database to obtain an encryption algorithm corresponding to the encryption algorithm identification; encrypting the N sub-files through an encryption algorithm corresponding to the encryption algorithm identification to obtain N encrypted sub-files; sending the N encrypted subfiles to the server through the M data sending tunnels.
With reference to the embodiment of the first aspect, in a possible implementation manner, a compression level database containing a correspondence between compression level identifiers and compression levels is stored in the client, where the file blocking information includes compression level identifiers, and the sending the N sub-files to the server through the M data sending tunnels includes: inquiring the compression level database to obtain a compression level corresponding to the compression level identification; compressing each subfile according to the compression level corresponding to the compression level identification to obtain N compressed subfiles; sending the N compressed subfiles to the server through the M data sending tunnels.
With reference to the embodiment of the first aspect, in a possible implementation manner, the file partition information includes a file ID, and the splitting the file to be sent into N sub-files corresponding to the number N of file partitions includes: splitting the file to be sent into N data packets; and encapsulating each data packet according to a preset message format to obtain the N sub-files, wherein each sub-file comprises the file ID and a sub-file ID corresponding to the sub-file.
With reference to the embodiment of the first aspect, in one possible implementation manner, the method further includes: responding to file sending state query operation of a user and generating a query instruction; sending the query instruction to the server through the first negotiation tunnel; and receiving state information which is sent by the server and used for representing the sending progress of the file to be sent through the second negotiation tunnel, wherein the state information is generated by the server based on the file IDs and the subfile IDs included in all the received subfiles.
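The tunnel-count rule, the sub-file-to-tunnel mapping, the encapsulation with file ID and sub-file ID, and the server-side progress query described in the implementation manners above can be put together as follows. This is an added sketch, not code from the patent: the header layout, the 16-byte file ID, the reading of X as the number of nodes one tunnel needs, the choice M = Y // X when X*N > Y, and the round-robin mapping are all assumptions, and encryption and compression of the sub-files are left out.

```python
import struct

# Assumed header for the "preset message format" (not defined in the patent):
# 16-byte file ID, sub-file ID, total block count N, payload length.
HEADER = struct.Struct(">16sIII")


def tunnel_count(n, y, x):
    """Return M for N blocks, Y darknet nodes and X reference nodes."""
    if min(n, y, x) < 1:
        raise ValueError("N, Y and X must be positive")
    if x * n <= y:
        return n  # X*N <= Y: one data sending tunnel per sub-file, M == N
    # X*N > Y: the text only requires M < N. Assumption: X is the number of
    # nodes one tunnel needs, so build as many tunnels as Y nodes allow.
    m = y // x  # always below N here, because Y / X < N
    if m < 1:
        raise ValueError("fewer than X nodes available, no tunnel can be built")
    return m


def split_file(data, file_id, n):
    """Split data into N packets and encapsulate each as a sub-file."""
    if len(file_id) != 16:
        raise ValueError("file ID must be 16 bytes in this assumed layout")
    if not 1 <= n <= len(data):
        raise ValueError("N must be between 1 and the file length")
    base, extra = divmod(len(data), n)  # balanced split, no empty packet
    subfiles, offset = [], 0
    for sub_id in range(n):
        size = base + (1 if sub_id < extra else 0)
        payload = data[offset:offset + size]
        subfiles.append(HEADER.pack(file_id, sub_id, n, size) + payload)
        offset += size
    return subfiles


def assign_to_tunnels(subfiles, m):
    """Round-robin mapping (assumed); with M <= N no tunnel stays empty."""
    if not 1 <= m <= len(subfiles):
        raise ValueError("M must be between 1 and N")
    tunnels = [[] for _ in range(m)]
    for index, subfile in enumerate(subfiles):
        tunnels[index % m].append(subfile)
    return tunnels


def progress(received, file_id):
    """Server side: derive sending progress from file IDs and sub-file IDs."""
    seen, total = {}, None
    for message in received:
        if len(message) < HEADER.size:
            continue  # truncated message
        fid, sub_id, n, size = HEADER.unpack_from(message)
        payload = message[HEADER.size:]
        if fid != file_id or sub_id >= n or len(payload) != size:
            continue  # other file, impossible sub-file ID, or bad length
        if total is None:
            total = n
        if n != total:
            continue  # disagrees with the block count already seen
        seen.setdefault(sub_id, payload)  # duplicates are counted once
    total = total or 0
    missing = [i for i in range(total) if i not in seen]
    complete = total > 0 and not missing
    data = b"".join(seen[i] for i in range(total)) if complete else None
    return {"received": len(seen), "total": total,
            "missing": missing, "data": data}


if __name__ == "__main__":
    file_id = b"F" * 16             # constructed sample file ID
    content = bytes(range(10))      # constructed sample file content
    m = tunnel_count(5, 12, 3)      # 3*5 > 12, so M < N
    plan = assign_to_tunnels(split_file(content, file_id, 5), m)
    print("tunnels:", m, "sub-files per tunnel:", [len(t) for t in plan])
    arrived = plan[0] + plan[1] + plan[3]   # tunnel 2 has not delivered yet
    print(progress(arrived, file_id))
```

The status dictionary is what the server would return over the second negotiation tunnel in answer to a query instruction; sub-files that fail the header checks are ignored rather than counted toward progress.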
With reference to the embodiment of the first aspect, in a possible implementation manner, after determining that the file blocking information is obtained, the first negotiation tunnel is closed.
With reference to the embodiment of the first aspect, in one possible implementation manner, the method further includes: after determining that the first negotiation tunnel is in a closed state, periodically regenerating a new first negotiation tunnel at a preset time interval, wherein the new first negotiation tunnel takes the client's own virtual address as a starting point and the virtual address of the server as an end point, and the new first negotiation tunnel comprises a darknet node.
With reference to the embodiment of the first aspect, in a possible implementation manner, before the sending, by the first negotiation tunnel, the attribute information of the file to be sent to the server, the method further includes: sending the identification information of the user to the server through the first negotiation tunnel; when first feedback information which is sent by the server and used for representing that the identity information of the user is legal is determined to be obtained through the second negotiation tunnel, the identity information of the user is sent to the server through the first negotiation tunnel; and when second feedback information which is sent by the server and used for representing that a user corresponding to the identity information has file operation authority is obtained through the second negotiation tunnel, extracting the attribute of the file to be sent and generating the attribute information.
In a second aspect, an embodiment of the present application provides a file transmission method applied to a server included in a file transmission system, where the file transmission system further includes a client and a node cluster operating in a darknet, the node cluster includes a plurality of darknet nodes connected to each other, and the virtual addresses of the client, the server and each darknet node, together with the routing information of each darknet node, are shared to a network database. The method comprises the following steps: acquiring attribute information of a file to be sent, which is sent by the client through a first negotiation tunnel, wherein the first negotiation tunnel is constructed by the client with the virtual address of the client as a starting point and the virtual address of the server as an end point; generating file blocking information according to the attribute information and the server's own remaining resources; querying the network database to obtain the routing information of each darknet node, and constructing a second negotiation tunnel with the server's own virtual address as a starting point and the virtual address of the client as an end point; sending the file blocking information to the client through the second negotiation tunnel; and receiving the file to be sent from the client through a data sending tunnel, wherein the data sending tunnel is determined and established by the client according to the file blocking information. The first negotiation tunnel, the second negotiation tunnel and the data sending tunnel each comprise a darknet node.
In a third aspect, an embodiment of the present application provides a file transmission device applied to a client included in a file transmission system, where the file transmission system further includes a server and a node cluster operating in a darknet, the node cluster includes a plurality of darknet nodes connected to each other, and the virtual addresses of the client, the server and each darknet node, together with the routing information of each darknet node, are shared to a network database. The device includes an obtaining module, a query construction module, a sending module and an establishing module. The obtaining module is configured to acquire a file to be sent, wherein the file to be sent comprises the virtual address of the server corresponding to the file to be sent; the query construction module is configured to query the network database to obtain the routing information of each darknet node and to construct a first negotiation tunnel with the client's own virtual address as a starting point and the virtual address of the server as an end point; the sending module is configured to send attribute information of the file to be sent to the server through the first negotiation tunnel; the obtaining module is further configured to obtain, through a second negotiation tunnel, file blocking information that is sent by the server and corresponds to the file to be sent, where the second negotiation tunnel is constructed by the server with the virtual address of the server as a starting point and the virtual address of the client as an end point; the establishing module is configured to determine the number of data sending tunnels according to the file blocking information and to establish that number of data sending tunnels; the sending module is further configured to send the file to be sent to the server through the data sending tunnels. The first negotiation tunnel, the second negotiation tunnel and the data sending tunnels each comprise a darknet node.
With reference to the third aspect, in a possible implementation manner, the file blocking information includes a file block number N, the node cluster includes Y darknet nodes, the number of reference nodes preconfigured by the client is X, and the establishing module is configured to determine the number M of data sending tunnels according to the size relationship among N, Y and X, and to create M data sending tunnels between the client and the server.
With reference to the third aspect, in a possible implementation manner, the establishing module is configured to determine that the value of M is the same as the value of N when it is determined that the product of X and N is less than or equal to Y; upon determining that the product of X and N is greater than Y, determining that the value of M is less than the value of N.
With reference to the third aspect embodiment, in a possible implementation manner, the sending module is configured to split the file to be sent into N sub-files corresponding to the number N of file chunks; when the value of M is the same as that of N, the N sub-files are sent to the server through the M data sending tunnels in a mode that one sub-file corresponds to one data sending tunnel; and when the value of M is smaller than the value of N, sending the N sub-files to the server through the M data sending tunnels in a form that the plurality of sub-files correspond to one data sending tunnel, wherein each data sending tunnel at least corresponds to one sub-file.
With reference to the third aspect, in a possible implementation manner, an encryption algorithm database containing a correspondence between an encryption algorithm identifier and an encryption algorithm is stored in the client, the file blocking information includes an encryption algorithm identifier, and the sending module is configured to query the encryption algorithm database and obtain an encryption algorithm corresponding to the encryption algorithm identifier; encrypting the N sub-files through an encryption algorithm corresponding to the encryption algorithm identification to obtain N encrypted sub-files; sending the N encrypted subfiles to the server through the M data sending tunnels.
With reference to the third aspect embodiment, in a possible implementation manner, a compression level database containing a correspondence between a compression level identifier and a compression level is stored in the client, where the file blocking information includes the compression level identifier, and the sending module is configured to query the compression level database and obtain the compression level corresponding to the compression level identifier; compressing each subfile according to the compression level corresponding to the compression level identification to obtain N compressed subfiles; sending the N compressed subfiles to the server through the M data sending tunnels.
With reference to the third aspect, in a possible implementation manner, the file blocking information includes a file ID, and the sending module is configured to split the file to be sent into N data packets; and encapsulating each data packet according to a preset message format to obtain the N sub-files, wherein each sub-file comprises the file ID and a sub-file ID corresponding to the sub-file.
With reference to the third aspect, in a possible implementation manner, the apparatus further includes a response module, configured to respond to a file sending status query operation of a user, and generate a query instruction; the query module is used for sending the query instruction to the server through the first negotiation tunnel; and a receiving module, configured to receive, through the second negotiation tunnel, status information that is sent by the server and used for characterizing a sending progress of the file to be sent, where the status information is generated by the server based on file IDs and subfile IDs included in all received subfiles.
With reference to the third aspect, in a possible implementation manner, the apparatus further includes a closing module, configured to close the first negotiation tunnel after it is determined that the file blocking information is obtained.
With reference to the embodiment of the third aspect, in a possible implementation manner, the apparatus further includes a regenerating module, configured to periodically regenerate a new first negotiation tunnel at a preset time interval after determining that the first negotiation tunnel is in a closed state, where the new first negotiation tunnel uses the client's own virtual address as a starting point and the virtual address of the server as an end point, and the new first negotiation tunnel includes a darknet node.
With reference to the third aspect, in a possible implementation manner, the sending module is further configured to send identification information of the sending module to the server through the first negotiation tunnel; the sending module is further configured to send the identity information of the user to the server through the first negotiation tunnel when it is determined that the first feedback information, which is sent by the server and used for representing that the identity information of the user is legal, is obtained through the second negotiation tunnel; the device further comprises a generating module, configured to extract an attribute of the file to be sent and generate the attribute information when it is determined that second feedback information, which is sent by the server and used for representing that a user corresponding to the identity information has file operation permission, is obtained through the second negotiation tunnel.
In a fourth aspect, an embodiment of the present application provides a file transmission device applied to a server included in a file transmission system, where the file transmission system further includes a client and a node cluster operating in a darknet, the node cluster includes a plurality of darknet nodes connected to each other, and the virtual addresses of the client, the server and each darknet node, together with the routing information of each darknet node, are shared to a network database. The device includes an obtaining module, a generating module, a query construction module, a sending module and a receiving module. The obtaining module is configured to obtain attribute information of a file to be sent, which is sent by the client through a first negotiation tunnel, where the first negotiation tunnel is constructed by the client with the virtual address of the client as a starting point and the virtual address of the server as an end point; the generating module is configured to generate file blocking information according to the attribute information and the server's own remaining resources; the query construction module is configured to query the network database to obtain the routing information of each darknet node and to construct a second negotiation tunnel with the server's own virtual address as a starting point and the virtual address of the client as an end point; the sending module is configured to send the file blocking information to the client through the second negotiation tunnel; the receiving module is configured to receive the file to be sent from the client through a data sending tunnel, wherein the data sending tunnel is determined and established by the client according to the file blocking information. The first negotiation tunnel, the second negotiation tunnel and the data sending tunnel each comprise a darknet node.
In a fifth aspect, an embodiment of the present application further provides an electronic device, including: a memory and a processor, the memory and the processor connected; the memory is used for storing programs; the processor calls a program stored in the memory to perform the method of the first aspect embodiment and/or any possible implementation manner of the first aspect embodiment; or to perform the method provided by the embodiment of the second aspect.
In a sixth aspect, embodiments of the present application further provide a non-volatile computer-readable storage medium (hereinafter, referred to as a storage medium), on which a computer program is stored, where the computer program is executed by a computer to perform the method in the foregoing first aspect and/or any possible implementation manner of the first aspect; or to perform the method provided by the embodiment of the second aspect.
In a seventh aspect, an embodiment of the present application further provides a file transmission system, including a server, a client, and a node cluster operating in a darknet, where the node cluster includes a plurality of darknet nodes connected to each other, and the virtual addresses of the client, the server and each darknet node, together with the routing information of each darknet node, are shared to a network database. The client is configured to acquire a file to be sent, where the file to be sent comprises the virtual address of the server corresponding to the file to be sent; to query the network database to obtain the routing information of each darknet node and construct a first negotiation tunnel with the client's own virtual address as a starting point and the virtual address of the server as an end point; and to send attribute information of the file to be sent to the server through the first negotiation tunnel. The server is configured to acquire the attribute information through the first negotiation tunnel and generate file blocking information according to the attribute information and the residual resources of the server; to query the network database to obtain the routing information of each darknet node and construct a second negotiation tunnel with the server's own virtual address as a starting point and the virtual address of the client as an end point; and to send the file blocking information to the client through the second negotiation tunnel. The client is further configured to acquire the file blocking information through the second negotiation tunnel; to determine the number of data sending tunnels according to the file blocking information and establish that number of data sending tunnels; and to send the file to be sent to the server through the data sending tunnels. The server is further configured to receive the file to be sent through the data sending tunnels. The first negotiation tunnel, the second negotiation tunnel and the data sending tunnels each comprise a darknet node.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort. The foregoing and other objects, features and advantages of the application will be apparent from the accompanying drawings. Like reference numerals refer to like parts throughout the drawings. The drawings are not deliberately drawn to scale; emphasis is instead placed on illustrating the subject matter of the present application.
Fig. 1 shows a schematic structural diagram of a file transfer system according to an embodiment of the present application.
Fig. 2 shows an interaction diagram of a file transfer method according to an embodiment of the present application.
Fig. 3 shows a first flowchart of a file transfer method provided in an embodiment of the present application.
Fig. 4 shows a second flowchart of a file transfer method according to an embodiment of the present application.
Fig. 5 shows a first block diagram of a file transfer device according to an embodiment of the present application.
Fig. 6 shows a second block diagram of a file transfer device according to an embodiment of the present application.
Fig. 7 shows a schematic structural diagram of an electronic device provided in an embodiment of the present application.
Reference numbers: 10 - file transfer system; 11 - server; 12 - client; 13 - node cluster; 100 - electronic device; 110 - processor; 120 - memory; 400 - file transfer device; 410 - obtaining module; 420 - query construction module; 430 - sending module; 440 - establishing module; 500 - file transfer device; 510 - obtaining module; 520 - generating module; 530 - query construction module; 540 - sending module; 550 - receiving module.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that like reference numbers and letters refer to like items in the following figures, so once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, relational terms such as "first," "second," and the like may be used in the description herein solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Further, the term "and/or" in the present application merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone.
In addition, to address the security risk of the prior-art file transmission method, embodiments of the present application provide a file transmission method, apparatus, system, electronic device, and storage medium, in which a tunnel is established on a darknet to transmit a file, so as to ensure the security of the file transmission process. The technology can be implemented in software, hardware, or a combination of software and hardware. The following describes embodiments of the present application in detail.
First, a file transfer system 10 for implementing the file transfer method and apparatus according to the embodiment of the present application is described with reference to fig. 1. The file transfer system 10 includes a server 11, a client 12, and a node cluster 13 operating in a darknet.
The server 11 is a file server, the node cluster 13 includes a plurality of connected darknet nodes, and the server 11, the client 12 and each darknet node can communicate with one another.
The virtual addresses of the server 11, the client 12 and each of the darknet nodes and the routing information of each of the darknet nodes are regularly shared into a network database (NetDB), so that the client 12 and the server 11 can acquire a series of virtual addresses and routing information of the darknet nodes by querying the NetDB to construct a complete communication link (also called a tunnel).
Because darknet nodes are untraceable, when the client 12 needs to send a file to the server 11, the client 12 may, in order to ensure the safe transmission of the file, select a certain number of darknet nodes as intermediate nodes, construct a data sending tunnel with the client 12 as the starting point and the server 11 as the end point, and then transmit the file over the data sending tunnel.
The operation principle of the file transfer system 10 for transferring files based on data transmission tunnels will be described with reference to the interaction diagram shown in fig. 2.
Step S110: the client obtains a file to be sent, where the file to be sent includes the virtual address of the server corresponding to the file to be sent.
The server 11 corresponding to the file to be sent is the destination device to which the file to be sent needs to be sent.
As an optional implementation manner, the file to be sent may be pre-stored in the client 12, and enter a stage to be sent after being specified by the user. In addition, as another alternative, the file to be sent may also be uploaded to the client 12 by the user in real time.
Step S120: the client queries the network database to acquire the routing information of each darknet node, and constructs a first negotiation tunnel with its own virtual address as the starting point and the virtual address of the server as the end point.
As described above, the virtual addresses of the server 11, the client 12, and each of the darknet nodes and the routing information of each of the darknet nodes are regularly shared into the NetDB. After acquiring the virtual address of the server 11 corresponding to the file to be sent, the client 12 may query the NetDB to perform node detection and acquire the routing information between the darknet nodes.
After completing the node detection, the client 12 randomly selects a plurality of darknet nodes from the detected darknet nodes and constructs a first negotiation tunnel for unidirectional data transmission, using its own virtual address as the starting point, the virtual address of the server 11 corresponding to the file to be sent as the end point, and the selected darknet nodes as intermediate nodes. For example, in fig. 1, the nodes included in the first negotiation tunnel are: client 12 - darknet node A - darknet node F - darknet node L - darknet node M - server 11. The client 12 may send information to the server 11 through the first negotiation tunnel, and the server 11 cannot send information to the client 12 through the first negotiation tunnel.
Of course, as an alternative implementation, the client 12 may select a darknet node whose free capacity reaches a threshold to construct the first negotiation tunnel, so as to achieve the purpose of load balancing.
It should be noted that data transmitted between each darknet node in the node cluster 13 and its previous-hop and next-hop darknet nodes is protected with symmetric encryption or asymmetric encryption.
Step S130: the client sends the attribute information of the file to be sent to the server through the first negotiation tunnel.
After the client 12 constructs the first negotiation tunnel, it sends the attribute information of the file to be sent to the server 11 through the first negotiation tunnel.
As an alternative implementation, the attribute information of the file to be sent may include a file name, a file size, a file security level, a file type, a file encryption strength, a file compression strength, and the like. The security level, the file encryption strength and the file compression strength of the file can be specified by a user according to the specific application scene of the file.
Of course, to further ensure the security of file transmission, as an alternative implementation, before sending the attribute information to the server 11, the client 12 may first send authentication information to the server 11 through the first negotiation tunnel, so that the server 11 verifies whether the identity information of the client 12 is legal and whether the user sending the file has the file operation authority. When the server 11 returns feedback information indicating that the identity of the client 12 is legal and that the user sending the file has the file operation authority, the client 12 then extracts the attributes of the file to be sent, generates the attribute information and sends it to the server 11.
The process in which the client 12 initiates the authentication information to the server 11 through the first negotiation tunnel is as follows.
The client 12 may send identification information characterizing its own identity (e.g., a hardware sequence hash value of the client, a system hash value built in the client, etc.) to the server 11 through the first negotiation tunnel. After acquiring the identification information, the server 11 queries a preset client white list to determine whether the identity information of the client sending the identification information is legal. It is understood that multiple pieces of identification information are stored in the client white list, and when the identification information of a certain client 12 matches identification information in the client white list, the server 11 determines that the identity information of that client 12 is legal.
After determining that the identity information of the client 12 is legal, the server 11 queries the NetDB to select a plurality of darknet nodes (which may be partially the same as or completely different from the darknet nodes selected by the client 12) as intermediate nodes. Subsequently, the server 11 constructs a second negotiation tunnel in a manner similar to the way the client 12 constructs the first negotiation tunnel, where the second negotiation tunnel uses the virtual address of the server 11 as the starting point, the virtual address of the client 12 as the end point, and the darknet nodes selected by the server 11 as intermediate nodes. For example, in fig. 1, the nodes included in the second negotiation tunnel are: server 11 - darknet node O - darknet node J - darknet node E - darknet node C - client 12.
It is to be noted that the second negotiation tunnel is also a unidirectional transport tunnel, i.e. the server 11 can send information to the client 12 via the second negotiation tunnel, and the client 12 cannot send information to the server 11 via the second negotiation tunnel.
After the server 11 constructs the second negotiation tunnel, the first feedback information for representing that the identity information of the client 12 is legal is sent to the client 12 through the second negotiation tunnel.
After obtaining the first feedback information, the client 12 sends the identity information of the user sending the file (for example, the user name and the login password of the user) to the server 11 through the first negotiation tunnel. After acquiring the identity information of the user, the server 11 queries a preset user white list to determine whether the user has a file operation permission. It is understood that identity information of a plurality of users is stored in the user white list, and when the identity information of a certain user matches with the identity information in the user white list, the server 11 determines that the user has the file operation authority.
After determining that the user has the file operation authority, the server 11 sends second feedback information for representing that the user has the file operation authority to the client 12 through the second negotiation tunnel.
Subsequently, the client 12 obtains the second feedback information, generates attribute information of the file to be sent, and sends the attribute information to the server 11.
Step S140: the server acquires the attribute information through the first negotiation tunnel and generates file blocking information according to the attribute information and the remaining resources of the server.
After the server 11 obtains the attribute information, it evaluates the file to be sent according to factors included in the attribute information, such as the file size, the file security level, the file type, the file encryption strength and the file compression strength, in combination with the remaining resources of the server, such as its bandwidth capacity and load condition. It thereby generates file blocking information for the file to be sent, which guides the client 12 in splitting the file into blocks.
The file blocking information may include: the file ID of the file to be sent, the number N of file blocks of the file to be sent, the subfile IDs of the subfiles obtained after the file is blocked, an encryption algorithm identifier (optional) for each subfile, a compression level identifier (optional) for each subfile, and the like.
Step S150: the server queries the network database to obtain the routing information of each darknet node, constructs a second negotiation tunnel with the virtual address of the server as the starting point and the virtual address of the client as the end point, and sends the file blocking information to the client through the second negotiation tunnel.
It is noted that the second negotiation tunnel does not have to be constructed at the moment the server 11 needs to send the file blocking information to the client 12. The server 11 may construct the second negotiation tunnel in advance, at any feasible time before it sends the file blocking information to the client 12; for example, in the foregoing embodiment, the server 11 constructs the second negotiation tunnel before it needs to send the feedback information to the client 12.
Step S160: the client acquires the file blocking information through the second negotiation tunnel, determines the number of data transmission tunnels according to the file blocking information and establishes the corresponding number of data transmission tunnels.
After obtaining the file blocking information, the client 12 parses it to obtain the file ID of the file to be sent, the IDs of the subfiles, and the number N of file blocks. Subsequently, the client splits the file to be sent into N data packets, and then encapsulates each data packet according to a preset message format to obtain the N subfiles, wherein each subfile includes the file ID of the file to be sent, the subfile ID of the current subfile, the user information of the user sending the subfile, and the like.
Furthermore, the client 12 determines the number of data transmission tunnels (assumed to be M here) for transmitting the file to be transmitted based on the file block number N, the number of discoverable darknet nodes included in the node cluster 13 (assumed to be Y here), and the number of reference nodes configured in advance in the client 12 (assumed to be X here).
The process of determining the number M of data transmission tunnels is as follows.
As an alternative embodiment, when the client 12 determines that the product of X and N is less than or equal to Y, it determines that the value of M is the same as the value of N, that is, the client 12 determines that the number of created data transmission tunnels is equal to the number of subfiles.
As another alternative, when the client 12 determines that the product of X and N is greater than Y, the value of M is determined to be less than the value of N. At this time, the number of darknet nodes is insufficient, and the client 12 determines that the number of created data transmission tunnels is smaller than the number of subfiles.
It is noted that the number of reference nodes preconfigured in the client 12 guides how many darknet nodes the client 12 needs to select when establishing a data transmission tunnel. For example, if the number of participating nodes is X, the client 12 needs to select 2X darknet nodes to participate in establishing a data transmission tunnel. Of course, the client 12 may also select darknet nodes whose free capacity reaches a threshold to establish a data transmission tunnel, so as to speed up the subsequent transmission of the file to be sent.
After determining the number M of data transmission tunnels to be created, the client 12 creates M data transmission tunnels between itself and the server 11. If the remaining resources are sufficient, a given darknet node can simultaneously serve as a node in the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel; that is, the darknet nodes in the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel can be shared among the tunnels.
In addition, in the embodiment of the present application, the data sending tunnel is only used for transmitting data, and the transmission of various instructions and messages depends on the first negotiation tunnel or the second negotiation tunnel, so that the utilization rate of each node can be improved.
It is worth pointing out that the data transmission tunnel is also a unidirectional transport tunnel.
Step S170: the client sends the file to be sent to the server through the data sending tunnel.
After creating M data transmission tunnels in real time, the client 12 transmits a file to be transmitted to the server 11 through the M data transmission tunnels.
If the client 12 determines that the value of M is the same as the value of N, the N subfiles are sent to the server 11 through the M data sending tunnels with one subfile per data sending tunnel; if the client 12 determines that the value of M is smaller than the value of N, the N subfiles are sent to the server 11 through the M data sending tunnels with multiple subfiles multiplexing one data sending tunnel, and at this time, each data sending tunnel corresponds to at least one subfile.
By sending the subfiles to the server 11 over multiple data sending tunnels, the client 12 can transmit the file to be sent to the server 11 efficiently. During the transmission of each subfile, data transmitted between each darknet node of a data sending tunnel and its previous-hop and next-hop darknet nodes is symmetrically or asymmetrically encrypted, so the subfile in transit can be encrypted with a key, which guarantees the security of the subfile during transmission.
In addition, as an alternative embodiment, an encryption algorithm database containing the correspondence between the encryption algorithm identifier and the encryption algorithm may be stored in the client 12. As mentioned above, the file blocking information may include an encryption algorithm identifier, so that the client 12 may also match the corresponding encryption algorithm according to the encryption algorithm identifier corresponding to each subfile before sending the respective subfile to the server 11 through the data sending tunnel. After the encryption algorithm corresponding to each subfile is obtained, the client 12 encrypts each subfile according to the corresponding encryption algorithm to obtain an encrypted subfile, and then transmits the encrypted subfile to the server 11 through the data transmission tunnel, so that the security of the subfile in the transmission process is further guaranteed.
In addition, as an alternative embodiment, a compression level database containing the correspondence between the compression level identifier and the compression level may be stored in the client 12. As mentioned above, the file blocking information may include a compression level identifier, so that the client 12 may further match the corresponding compression level according to the compression level identifier corresponding to each subfile before sending the respective subfile to the server 11 through the data transmission tunnel. After the compression level corresponding to each subfile is obtained, the client 12 compresses each subfile according to the corresponding compression level to obtain a compressed subfile, and then transmits the compressed subfile to the server 11 through a data transmission tunnel.
Step S180: the server receives the file to be sent through the data sending tunnel.
After receiving each subfile included in the file to be sent through the data sending tunnel, the server 11 parses the subfiles according to the preset message format, completes operations such as information extraction, decompression (optional) and decryption (optional) on the subfiles, and then assembles the subfiles according to the file ID of the file to be sent and the subfile ID carried in each subfile, so as to obtain the complete file to be sent.
In addition, since the data transmission tunnel is also a unidirectional transmission tunnel, the server 11 cannot perform data response to the client 12 through the data transmission tunnel during the whole transmission process of the file to be transmitted.
At this time, if the user needs to query the transmission progress of the file to be sent or query whether the file to be sent has a transmission error, the user may initiate a file sending state query operation on the client 12. The client 12 generates a query instruction in response to the file sending state query operation, and sends the query instruction to the server 11 through the first negotiation tunnel. After obtaining the query instruction, the server 11 generates, according to the file IDs and the subfile IDs included in all the received subfiles, state information representing the transmission progress of the file to be sent and whether it has a transmission error, and feeds the state information back to the client 12 through the second negotiation tunnel.
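The following Python illustration is an added example, not code from the patent. It walks through steps S160 to S180 and the status query: choosing M, encapsulating N subfiles, distributing them over M tunnels, and reassembling them on the server. The header layout, the CRC32 check, the choice M = floor(Y / X) when the product of X and N exceeds Y, and all function and class names are assumptions, since the page defines none of them.

```python
import struct
import zlib

# Assumed layout for the "preset message format" (the page does not define it):
# 16-byte file ID, subfile ID, block count N, payload length, CRC32 of payload.
HEADER = struct.Struct("!16sIIII")


def tunnel_count(n_blocks, y_nodes, x_ref):
    """Return M: equal to N when X*N <= Y, otherwise smaller than N."""
    if n_blocks < 1 or x_ref < 1:
        raise ValueError("N and X must be positive")
    if x_ref * n_blocks <= y_nodes:
        return n_blocks
    m = y_nodes // x_ref  # assumption: the page only requires M < N here
    if m < 1:
        raise ValueError("too few darknet nodes for a single tunnel")
    return m


def split_file(file_id, data, n_blocks):
    """Split data into N encapsulated subfiles with subfile IDs 0..N-1."""
    size = -(-len(data) // n_blocks)  # ceiling division
    subfiles = []
    for sub_id in range(n_blocks):
        payload = data[sub_id * size:(sub_id + 1) * size]
        header = HEADER.pack(file_id, sub_id, n_blocks, len(payload),
                             zlib.crc32(payload))
        subfiles.append(header + payload)
    return subfiles


def assign_to_tunnels(subfiles, m):
    """Round-robin assignment; each tunnel carries at least one subfile."""
    tunnels = [[] for _ in range(m)]
    for index, subfile in enumerate(subfiles):
        tunnels[index % m].append(subfile)
    return tunnels


class Receiver:
    """Server side: validates, stores and reassembles subfiles."""

    def __init__(self):
        self.transfers = {}

    def expect(self, file_id, n_blocks):
        # The server issued file_id and N itself in the file blocking information.
        self.transfers[file_id] = {"n": n_blocks, "parts": {}, "errors": set()}

    def accept(self, message):
        if len(message) < HEADER.size:
            return False
        file_id, sub_id, n, length, crc = HEADER.unpack_from(message)
        payload = message[HEADER.size:]
        state = self.transfers.get(file_id)
        # Drop subfiles for transfers that were never negotiated.
        if state is None or n != state["n"] or sub_id >= n:
            return False
        if len(payload) != length or zlib.crc32(payload) != crc:
            state["errors"].add(sub_id)
            return False
        state["parts"].setdefault(sub_id, payload)  # keep the first valid copy
        state["errors"].discard(sub_id)
        return True

    def status(self, file_id):
        state = self.transfers[file_id]
        missing = [i for i in range(state["n"]) if i not in state["parts"]]
        return {"received": len(state["parts"]), "total": state["n"],
                "missing": missing, "errors": sorted(state["errors"])}

    def assemble(self, file_id):
        state = self.transfers[file_id]
        if len(state["parts"]) != state["n"]:
            raise ValueError("transfer incomplete")
        return b"".join(state["parts"][i] for i in range(state["n"]))


def demo():
    file_id = b"constructed-id-1"       # constructed 16-byte file ID
    data = bytes(range(256)) * 10       # constructed 2560-byte file
    n, y, x = 5, 12, 3                  # X*N = 15 > Y = 12, so M < N
    m = tunnel_count(n, y, x)
    tunnels = assign_to_tunnels(split_file(file_id, data, n), m)
    server = Receiver()
    server.expect(file_id, n)
    # Tunnels deliver independently, so arrival order differs from file order.
    for tunnel in (tunnels[3], tunnels[1], tunnels[0]):
        for message in tunnel:
            server.accept(message)
    partial = server.status(file_id)
    good = tunnels[2][0]
    damaged = good[:-1] + bytes([good[-1] ^ 0xFF])
    server.accept(damaged)              # fails the CRC check
    after_damage = server.status(file_id)
    server.accept(good)                 # resend succeeds
    return m, partial, after_damage, server.assemble(file_id) == data
```

Because the data sending tunnels are unidirectional, the `status` result is what the server would return over the second negotiation tunnel, and the `missing` and `errors` lists tell the client which subfiles to resend.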
As an optional implementation manner, in order to reduce consumption of tunnel resources, the client 12 may close the first negotiation tunnel after determining that it has acquired the file blocking information.
When the client 12 subsequently needs to send the query instruction to the server 11, optionally, after determining that the first negotiation tunnel is in the closed state, the client 12 may construct a new first negotiation tunnel according to the method for constructing the first negotiation tunnel, and send the query instruction to the server 11 through the new first negotiation tunnel.
Optionally, when the client 12 subsequently needs to send the query instruction to the server 11 and the first negotiation tunnel is in the closed state, the client 12 may also periodically regenerate a new first negotiation tunnel at a preset time interval, according to the aforementioned method for constructing the first negotiation tunnel.
According to the file transmission system provided by the embodiment of the application, when a client needs to transmit a file to a server, the client obtains the virtual address of the server from the file to be transmitted, then queries a network database that stores the virtual addresses of the client, the server and each darknet node and the routing information of each darknet node, and constructs a first negotiation tunnel used for transmitting attribute information of the file to be transmitted. The server generates file blocking information for the file to be transmitted according to the attribute information, queries the network database and constructs a second negotiation tunnel, so as to send the file blocking information to the client through the second negotiation tunnel. The client determines the number of data transmission tunnels for transmitting the file according to the file blocking information, creates the corresponding number of data transmission tunnels in real time, and then transmits the file to be transmitted to the server through the data transmission tunnels. Throughout the file transmission process, every tunnel runs in a darknet environment, and because darknet nodes cannot be traced, the security of file transmission is improved.
In addition, please refer to fig. 3, an embodiment of the present application further provides a file transmission method, which is applied to the client 12 included in the file transmission system 10. The method comprises the following steps.
Step S210: acquiring a file to be sent, wherein the file to be sent comprises a virtual address of a server corresponding to the file to be sent.
Step S220: querying the network database to obtain the routing information of each darknet node, and constructing a first negotiation tunnel with the client's own virtual address as the starting point and the virtual address of the server as the end point.
Step S230: sending the attribute information of the file to be sent to the server through the first negotiation tunnel.
Of course, as an optional implementation manner, before sending the attribute information to the server, the client may also send its identification information to the server through the first negotiation tunnel. When the client obtains, through the second negotiation tunnel, first feedback information sent by the server indicating that the identity information of the client is legal, it sends the identity information of the user to the server through the first negotiation tunnel. When the client obtains, through the second negotiation tunnel, second feedback information sent by the server indicating that the user corresponding to the identity information has the file operation authority, it extracts the attributes of the file to be sent and generates the attribute information, so as to send it to the server afterwards.
Step S240: acquiring, through a second negotiation tunnel, file blocking information which is sent by the server and corresponds to the file to be sent, wherein the second negotiation tunnel is constructed by the server with the virtual address of the server as the starting point and the virtual address of the client as the end point.
Optionally, after determining that it has acquired the file blocking information, the client may close the first negotiation tunnel. Of course, in this embodiment, after determining that the first negotiation tunnel is in the closed state, the client may also periodically regenerate a new first negotiation tunnel at a preset time interval, where the new first negotiation tunnel uses the client's own virtual address as the starting point and the virtual address of the server as the end point, and includes darknet nodes.
Step S250: determining the number of data sending tunnels according to the file blocking information and establishing the corresponding number of data sending tunnels.
In an optional implementation manner, the file blocking information includes a file block number N, the node cluster includes Y darknet nodes, and the number of reference nodes preconfigured in the client is X. The client determines the number M of data sending tunnels according to the size relationship among N, Y and X, and creates M data sending tunnels between itself and the server.
Optionally, when determining that the product of X and N is less than or equal to Y, the client determines that the value of M is the same as the value of N; and when the client determines that the product of the X and the N is greater than the Y, determining that the numerical value of the M is smaller than the numerical value of the N.
Step S260: sending the file to be sent to the server through the data sending tunnel.
The first negotiation tunnel, the second negotiation tunnel and the data sending tunnel each include darknet nodes.
Optionally, the client splits the file to be sent into N sub-files corresponding to the file block number N; when the value of M is the same as that of N, the N sub-files are sent to the server through the M data sending tunnels in a mode that one sub-file corresponds to one data sending tunnel; and when the value of M is smaller than the value of N, sending the N sub-files to the server through the M data sending tunnels in a form that the plurality of sub-files correspond to one data sending tunnel, wherein each data sending tunnel at least corresponds to one sub-file.
Optionally, the file blocking information includes a file ID, and the client splits the file to be sent into N data packets; and encapsulating each data packet according to a preset message format to obtain the N sub-files, wherein each sub-file comprises the file ID and a sub-file ID corresponding to the sub-file.
Optionally, an encryption algorithm database containing a correspondence between an encryption algorithm identifier and an encryption algorithm is stored in the client, and the file blocking information includes the encryption algorithm identifier. In this embodiment, the client queries the encryption algorithm database to obtain the encryption algorithm corresponding to the encryption algorithm identifier; encrypting the N sub-files through an encryption algorithm corresponding to the encryption algorithm identification to obtain N encrypted sub-files; sending the N encrypted subfiles to the server through the M data sending tunnels.
Optionally, a compression level database containing a correspondence between compression level identifiers and compression levels is stored in the client, and the file blocking information includes a compression level identifier. In this embodiment, the client queries the compression level database to obtain a compression level corresponding to the compression level identifier; compressing each subfile according to the compression level corresponding to the compression level identification to obtain N compressed subfiles; sending the N compressed subfiles to the server through the M data sending tunnels.
Optionally, after the client sends the file to be sent to the server through the data sending tunnel, the client may also respond to a file sending state query operation of a user to generate a query instruction; sending the query instruction to the server through the first negotiation tunnel; and receiving state information which is sent by the server and used for representing the sending progress of the file to be sent through the second negotiation tunnel, wherein the state information is generated by the server based on the file IDs and the subfile IDs included in all the received subfiles.
It should be noted that the implementation principle and the resulting technical effect of the file transmission method provided in the embodiment of the present application are the same as those of the foregoing system embodiment; for brevity, for parts not mentioned in this method embodiment, reference may be made to the corresponding contents in the foregoing system embodiment.
In addition, referring to fig. 4, an embodiment of the present application further provides a file transmission method, which is applied to the server 11 included in the file transmission system 10. The method comprises the following steps.
Step S310: acquiring attribute information of a file to be sent, which is sent by the client through a first negotiation tunnel, wherein the first negotiation tunnel is constructed by the client with the virtual address of the client as the starting point and the virtual address of the server as the end point.
Step S320: generating file blocking information according to the attribute information and the remaining resources.
Step S330: querying the network database to obtain the routing information of each darknet node, and constructing a second negotiation tunnel with the server's own virtual address as the starting point and the virtual address of the client as the end point.
The virtual addresses of the client, the server and each darknet node and the routing information of each darknet node are shared to a network database.
Step S340: sending the file blocking information to the client through the second negotiation tunnel.
Step S350: receiving the file to be sent from the client through a data sending tunnel, wherein the data sending tunnel is determined and established by the client according to the file blocking information.
The first negotiation tunnel, the second negotiation tunnel and the data sending tunnel each include darknet nodes.
It should be noted that the implementation principle and the resulting technical effect of the file transmission method provided in the embodiment of the present application are the same as those of the foregoing system embodiment; for brevity, for parts not mentioned in this method embodiment, reference may be made to the corresponding contents in the foregoing system embodiment.
In addition, referring to fig. 5, which corresponds to fig. 3, an embodiment of the present application further provides a file transfer device 400, where the file transfer device 400 may include: an obtaining module 410, a query building module 420, a sending module 430, and an establishing module 440.
An obtaining module 410, configured to obtain a file to be sent, where the file to be sent includes a virtual address of a server corresponding to the file to be sent;
the query building module 420 is configured to query the network database to obtain the routing information of each darknet node, and build a first negotiation tunnel with the client's own virtual address as the starting point and the virtual address of the server as the end point;
a sending module 430, configured to send attribute information of the file to be sent to the server through the first negotiation tunnel;
the obtaining module 410 is further configured to obtain file blocking information, which is sent by the server and corresponds to the file to be sent, through a second negotiation tunnel, where the second negotiation tunnel is constructed by the server with a virtual address of the server as a starting point and a virtual address of the client as an end point;
an establishing module 440, configured to determine the number of data sending tunnels according to the blocking information and establish a corresponding number of data sending tunnels;
the sending module 430 is further configured to send the file to be sent to the server through the data sending tunnel;
and the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel each comprise a darknet node.
Optionally, the file blocking information includes a file blocking number N, the node cluster includes Y darknet nodes, and the number of pre-configured participating nodes of the client is X; the establishing module 440 is configured to determine, according to the size relationship among N, Y, and X, that the number of data sending tunnels is M, and to create M data sending tunnels between the client and the server.
Optionally, the establishing module 440 is configured to determine that the value of M is the same as the value of N when it is determined that the product of X and N is less than or equal to Y; upon determining that the product of X and N is greater than Y, determining that the value of M is less than the value of N.
Optionally, the sending module 430 is configured to split the file to be sent into N sub-files corresponding to the file block number N; when the value of M is the same as that of N, the N sub-files are sent to the server through the M data sending tunnels in a mode that one sub-file corresponds to one data sending tunnel; and when the value of M is smaller than the value of N, sending the N sub-files to the server through the M data sending tunnels in a form that the plurality of sub-files correspond to one data sending tunnel, wherein each data sending tunnel at least corresponds to one sub-file.
Optionally, an encryption algorithm database containing a correspondence between an encryption algorithm identifier and an encryption algorithm is stored in the client, the file blocking information includes the encryption algorithm identifier, and the sending module 430 is configured to query the encryption algorithm database to obtain the encryption algorithm corresponding to the encryption algorithm identifier; encrypting the N sub-files through an encryption algorithm corresponding to the encryption algorithm identification to obtain N encrypted sub-files; sending the N encrypted subfiles to the server through the M data sending tunnels.
Optionally, a compression level database containing a correspondence between compression level identifiers and compression levels is stored in the client, the file blocking information includes a compression level identifier, and the sending module 430 is configured to query the compression level database and obtain a compression level corresponding to the compression level identifier; compressing each subfile according to the compression level corresponding to the compression level identification to obtain N compressed subfiles; sending the N compressed subfiles to the server through the M data sending tunnels.
Optionally, the file blocking information includes a file ID, and the sending module 430 is configured to split the file to be sent into N data packets; and encapsulating each data packet according to a preset message format to obtain the N sub-files, wherein each sub-file comprises the file ID and a sub-file ID corresponding to the sub-file.
Optionally, the apparatus further includes a response module, configured to respond to a file sending status query operation of a user, and generate a query instruction; the query module is used for sending the query instruction to the server through the first negotiation tunnel; and a receiving module, configured to receive, through the second negotiation tunnel, status information that is sent by the server and used for characterizing a sending progress of the file to be sent, where the status information is generated by the server based on file IDs and subfile IDs included in all received subfiles.
Optionally, the apparatus further includes a closing module, configured to close the first negotiation tunnel after determining that the file blocking information is obtained.
Optionally, the apparatus further includes a regeneration module, configured to periodically regenerate a new first negotiation tunnel at a preset time interval after determining that the first negotiation tunnel is in a closed state, where the new first negotiation tunnel uses the client's own virtual address as a starting point and a virtual address of the server as an end point, and the new first negotiation tunnel includes a darknet node.
Optionally, the sending module 430 is further configured to send its own identification information to the server through the first negotiation tunnel and, on determining that first feedback information, sent by the server to indicate that the identity information of the user is legal, has been obtained through the second negotiation tunnel, to send the identity information of the user to the server through the first negotiation tunnel. The device further comprises a generating module, configured to extract the attributes of the file to be sent and generate the attribute information on determining that second feedback information, sent by the server to indicate that the user corresponding to the identity information has file operation permission, has been obtained through the second negotiation tunnel.
The file transmission device 400 provided in this embodiment of the present application has the same implementation principle and technical effect as the foregoing system embodiment; for brevity, for parts not mentioned in this device embodiment, refer to the corresponding contents of the foregoing system embodiment.
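The tunnel-count rule, sub-file encapsulation and ID-based progress tracking described for device 400, as an added Python sketch that is not code from the patent. Assumptions: the header layout, reading X as the nodes used per tunnel so that M = Y // X when X·N > Y (the page only requires M < N), round-robin assignment, and the names `tunnel_count`, `split_file`, `assign_to_tunnels` and `Receiver`; the tunnels themselves are not modelled.

```python
import hashlib
import struct

# Assumed wire format. The page only says each sub-file is encapsulated in
# "a preset message format" carrying the file ID and the sub-file ID:
#   file_id (16 bytes) | sub_id (u32) | total N (u32) | payload length (u32)
HEADER = struct.Struct("!16sIII")


def tunnel_count(n: int, x: int, y: int) -> int:
    """Return M for N sub-files, X participating nodes and Y darknet nodes."""
    if n < 1 or x < 1 or y < x:
        raise ValueError("need N >= 1 and a cluster of at least X nodes")
    if x * n <= y:
        return n  # page: X*N <= Y  ->  M equals N
    # page: X*N > Y -> M < N, exact value unspecified. Assumption: use as
    # many tunnels as the cluster can staff with X nodes each.
    return y // x


def split_file(data: bytes, n: int, file_id: bytes) -> list:
    """Split data into N sub-files, each prefixed with file ID and sub-file ID."""
    if n < 1 or len(file_id) != 16:
        raise ValueError("bad N or file ID")
    size = max(1, -(-len(data) // n))  # ceiling division
    subfiles = []
    for sub_id in range(n):
        payload = data[sub_id * size:(sub_id + 1) * size]
        subfiles.append(HEADER.pack(file_id, sub_id, n, len(payload)) + payload)
    return subfiles


def assign_to_tunnels(subfiles: list, m: int) -> list:
    """Round-robin (an assumption) so every tunnel carries at least one sub-file."""
    if not 1 <= m <= len(subfiles):
        raise ValueError("M must be between 1 and N")
    tunnels = [[] for _ in range(m)]
    for i, subfile in enumerate(subfiles):
        tunnels[i % m].append(subfile)
    return tunnels


class Receiver:
    """Server side: the server issued file_id and N, so it checks every
    arriving sub-file against them before counting it as progress."""

    def __init__(self, file_id: bytes, n: int, max_payload: int):
        self.file_id, self.n, self.max_payload = file_id, n, max_payload
        self.parts = {}

    def accept(self, subfile: bytes) -> bool:
        if len(subfile) < HEADER.size:
            return False
        file_id, sub_id, total, length = HEADER.unpack_from(subfile)
        payload = subfile[HEADER.size:]
        if (file_id != self.file_id or total != self.n or sub_id >= self.n
                or length != len(payload) or length > self.max_payload
                or sub_id in self.parts):
            return False  # wrong file, bad ID, truncated, oversized or replayed
        self.parts[sub_id] = payload
        return True

    def status(self) -> dict:
        """Progress derived from the file ID and the sub-file IDs received."""
        missing = [i for i in range(self.n) if i not in self.parts]
        return {"file_id": self.file_id.hex(), "received": len(self.parts),
                "total": self.n, "missing": missing}

    def reassemble(self) -> bytes:
        if len(self.parts) != self.n:
            raise ValueError("transfer incomplete")
        return b"".join(self.parts[i] for i in range(self.n))


def demo():
    data = bytes(range(256)) * 40  # constructed sample file, 10240 bytes
    file_id = hashlib.sha256(b"constructed-example").digest()[:16]
    n, x, y = 8, 3, 12  # constructed values: X*N = 24 > Y = 12, so M = 4
    m = tunnel_count(n, x, y)
    tunnels = assign_to_tunnels(split_file(data, n, file_id), m)
    rx = Receiver(file_id, n, max_payload=len(data))
    # Tunnels deliver independently, so sub-files arrive out of order.
    for tunnel in reversed(tunnels):
        for subfile in tunnel:
            rx.accept(subfile)
    return m, [len(t) for t in tunnels], rx.status(), rx.reassemble() == data


if __name__ == "__main__":
    print(demo())
```

The receiver rejects a sub-file whose header disagrees with the file ID and N that the server itself issued, which keeps a replayed or malformed sub-file from being counted as transfer progress.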
In addition, referring to fig. 6, corresponding to fig. 4, an embodiment of the present application further provides a file transmission device 500, where the file transmission device 500 may include: an obtaining module 510, a generating module 520, a query building module 530, a sending module 540 and a receiving module 550.
An obtaining module 510, configured to obtain attribute information of a file to be sent, which is sent by the client through a first negotiation tunnel, where the first negotiation tunnel is constructed by the client using a virtual address of the client as a starting point and a virtual address of the server as an end point;
a generating module 520, configured to generate file blocking information according to the attribute information and the server's own remaining resources;
the query building module 530 is configured to query the network database to obtain the routing information of each darknet node, and build a second negotiation tunnel with the server's own virtual address as a starting point and a virtual address of the client as an end point;
a sending module 540, configured to send the file blocking information to the client through the second negotiation tunnel;
a receiving module 550, configured to receive the file to be sent by the client through a data sending tunnel, where the data sending tunnel is determined and established by the client according to the file blocking information.
The first negotiation tunnel, the second negotiation tunnel and the data sending tunnel each comprise a darknet node.
The file transmission device 500 provided in this embodiment of the present application has the same implementation principle and technical effect as the foregoing system embodiment; for brevity, for parts not mentioned in this device embodiment, refer to the corresponding contents of the foregoing system embodiment.
In addition, the embodiment of the present application further provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a computer, the file transfer method as described above is executed.
In addition, referring to fig. 7, an embodiment of the invention further provides an electronic device 100, which includes a processor 110 and a memory 120 connected to the processor 110. The memory 120 stores a computer program that, when executed by the processor 110, causes the electronic device to perform the file transfer method as described above.
Of course, the method disclosed in any of the embodiments of the present application can be applied to the processor 110, or implemented by the processor 110.
To sum up, according to the file transmission method, device, system, electronic device and storage medium provided in the embodiments of the present invention, when a client needs to transmit a file to a server, it obtains the virtual address of the server from the file to be sent, and then queries a network database, which stores the virtual addresses of the client, the server and each darknet node and the routing information of each darknet node, so as to construct a first negotiation tunnel for transmitting attribute information of the file to be sent. The server generates file blocking information for the file to be sent according to the attribute information, queries the network database and constructs a second negotiation tunnel, and sends the file blocking information to the client through the second negotiation tunnel. The client determines the number of data sending tunnels for the file to be sent according to the file blocking information, creates that number of data sending tunnels in real time, and then sends the file to be sent to the server through the data sending tunnels. Throughout the file transmission process, every tunnel runs in a darknet environment, and because darknet nodes cannot be traced, the security of file transmission is improved.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
If the functions are implemented in the form of software function modules and sold or used as separate products, they may be stored in a storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a notebook computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.

Claims (17)

1. A file transmission method is characterized in that the method is applied to a client side included in a file transmission system, the file transmission system further comprises a server and a node cluster operating in a hidden network, the node cluster comprises a plurality of hidden network nodes which are connected with one another, and virtual addresses of the client side, the server and each hidden network node and routing information of each hidden network node are shared to a network database; the method comprises the following steps:
acquiring a file to be sent, wherein the file to be sent comprises a virtual address of a server corresponding to the file to be sent;
querying the network database to obtain the routing information of each hidden network node, and constructing a first negotiation tunnel with the client's own virtual address as a starting point and the virtual address of the server as an end point;
sending attribute information of the file to be sent to the server through the first negotiation tunnel;
acquiring file block information which is sent by the server and corresponds to the file to be sent through a second negotiation tunnel, wherein the second negotiation tunnel is constructed by the server by taking a virtual address of the server as a starting point and a virtual address of the client as an end point;
determining the number of data sending tunnels according to the blocking information and establishing the corresponding number of data sending tunnels;
sending the file to be sent to the server through the data sending tunnel;
and the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel respectively comprise a dark network node.
2. The method according to claim 1, wherein the file blocking information includes a file blocking number N, the node cluster includes Y darknet nodes, the number of the reference nodes preconfigured by the client is X, and the determining the number of data transmission tunnels and establishing the corresponding number of data transmission tunnels according to the blocking information includes:
determining the number of the data sending tunnels to be M according to the size relationship among the N, the Y and the X;
and creating M data transmission tunnels between the client and the server.
3. The method according to claim 2, wherein the determining the number of data transmission tunnels as M according to the size relationship among N, Y and X comprises:
upon determining that the product of X and N is less than or equal to Y, determining that the value of M is the same as the value of N;
upon determining that the product of X and N is greater than Y, determining that the value of M is less than the value of N.
4. The method according to claim 3, wherein the sending the file to be sent to the server through the data sending tunnel comprises:
splitting the file to be sent into N sub-files corresponding to the file block number N;
when the value of M is the same as that of N, the N sub-files are sent to the server through the M data sending tunnels in a mode that one sub-file corresponds to one data sending tunnel;
and when the value of M is smaller than the value of N, sending the N sub-files to the server through the M data sending tunnels in a form that the plurality of sub-files correspond to one data sending tunnel, wherein each data sending tunnel at least corresponds to one sub-file.
5. The method according to claim 4, wherein an encryption algorithm database containing a correspondence relationship between encryption algorithm identifiers and encryption algorithms is stored in the client, the file blocking information includes encryption algorithm identifiers, and the sending the N sub-files to the server through the M data sending tunnels includes:
inquiring the encryption algorithm database to obtain an encryption algorithm corresponding to the encryption algorithm identification;
encrypting the N sub-files through an encryption algorithm corresponding to the encryption algorithm identification to obtain N encrypted sub-files;
sending the N encrypted subfiles to the server through the M data sending tunnels.
6. The method according to claim 4, wherein a compression level database containing a correspondence relationship between compression level identifiers and compression levels is stored in the client, the file blocking information includes compression level identifiers, and the sending the N sub-files to the server through the M data sending tunnels includes:
inquiring the compression level database to obtain a compression level corresponding to the compression level identification;
compressing each subfile according to the compression level corresponding to the compression level identification to obtain N compressed subfiles;
sending the N compressed subfiles to the server through the M data sending tunnels.
7. The method according to claim 4, wherein the file partition information includes a file ID, and the splitting the file to be transmitted into N sub-files corresponding to the number N of file partitions includes:
splitting the file to be sent into N data packets;
and encapsulating each data packet according to a preset message format to obtain the N sub-files, wherein each sub-file comprises the file ID and a sub-file ID corresponding to the sub-file.
8. The method of claim 7, further comprising:
responding to file sending state query operation of a user and generating a query instruction;
sending the query instruction to the server through the first negotiation tunnel;
and receiving state information which is sent by the server and used for representing the sending progress of the file to be sent through the second negotiation tunnel, wherein the state information is generated by the server based on the file IDs and the subfile IDs included in all the received subfiles.
9. The method of claim 1, further comprising:
and closing the first negotiation tunnel after the file blocking information is determined to be acquired.
10. The method of claim 9, further comprising:
and periodically regenerating a new first negotiation tunnel at a preset time interval after the first negotiation tunnel is determined to be in a closed state, wherein the new first negotiation tunnel takes the virtual address of the client as a starting point and the virtual address of the server as an end point, and the new first negotiation tunnel comprises a hidden network node.
11. The method according to claim 1, wherein before the sending the attribute information of the file to be sent to the server through the first negotiation tunnel, the method further comprises:
sending the identification information of the user to the server through the first negotiation tunnel;
when first feedback information which is sent by the server and used for representing that the identity information of the user is legal is determined to be obtained through the second negotiation tunnel, the identity information of the user is sent to the server through the first negotiation tunnel;
and when second feedback information which is sent by the server and used for representing that a user corresponding to the identity information has file operation authority is obtained through the second negotiation tunnel, extracting the attribute of the file to be sent and generating the attribute information.
12. A file transmission method is characterized in that the method is applied to a server included in a file transmission system, the file transmission system further comprises a client and a node cluster running in a hidden network, the node cluster comprises a plurality of hidden network nodes which are connected with each other, and virtual addresses of the client, the server and each hidden network node and routing information of each hidden network node are shared to a network database; the method comprises the following steps:
acquiring attribute information of a file to be sent, which is sent by the client through a first negotiation tunnel, wherein the first negotiation tunnel is constructed by the client by taking a virtual address of the client as a starting point and a virtual address of the server as an end point;
generating file blocking information according to the attribute information and the residual resources of the file;
querying the network database to obtain the routing information of each hidden network node, and constructing a second negotiation tunnel with the server's own virtual address as a starting point and the virtual address of the client as an end point;
sending the file blocking information to the client through the second negotiation tunnel;
receiving the file to be sent by the client through a data sending tunnel, wherein the data sending tunnel is determined and established by the client according to the file blocking information;
and the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel respectively comprise a dark network node.
13. A file transmission device is applied to a client included in a file transmission system, the file transmission system further includes a server and a node cluster operating in a hidden network, the node cluster includes a plurality of hidden network nodes connected with each other, and virtual addresses of the client, the server and each of the hidden network nodes and routing information of each of the hidden network nodes are shared to a network database, the device includes:
an obtaining module, configured to obtain a file to be sent, wherein the file to be sent comprises a virtual address of a server corresponding to the file to be sent;
a query construction module, configured to query the network database to obtain the routing information of each dark net node and to construct a first negotiation tunnel which takes the client's own virtual address as a starting point and the virtual address of the server as an end point;
a sending module, configured to send attribute information of the file to be sent to the server through the first negotiation tunnel;
the obtaining module is further configured to obtain file blocking information, which is sent by the server and corresponds to the file to be sent, through a second negotiation tunnel, where the second negotiation tunnel is constructed by the server with a virtual address of the server as a starting point and a virtual address of the client as an end point;
the establishing module is used for determining the number of data sending tunnels according to the blocking information and establishing the corresponding number of data sending tunnels;
the sending module is further configured to send the file to be sent to the server through the data sending tunnel;
and the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel respectively comprise a dark network node.
14. A file transmission device is characterized by being applied to a server included in a file transmission system, wherein the file transmission system further comprises a client and a node cluster running in a hidden network, the node cluster comprises a plurality of hidden network nodes which are connected with one another, and virtual addresses of the client, the server and each hidden network node and routing information of each hidden network node are shared to a network database; the device comprises:
an obtaining module, configured to obtain attribute information of a file to be sent, which is sent by the client through a first negotiation tunnel, where the first negotiation tunnel is constructed by the client using a virtual address of the client as a starting point and a virtual address of the server as an end point;
a generating module, configured to generate file blocking information according to the attribute information and the server's own residual resources;
a query construction module, configured to query the network database to obtain the routing information of each dark net node and to construct a second negotiation tunnel which takes the server's own virtual address as a starting point and the virtual address of the client as an end point;
a sending module, configured to send the file blocking information to the client through the second negotiation tunnel;
the receiving module is used for receiving the file to be sent by the client through a data sending tunnel, wherein the data sending tunnel is determined and established by the client according to the file blocking information;
and the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel respectively comprise a dark network node.
15. An electronic device, comprising: a memory and a processor, the memory and the processor connected;
the memory is used for storing programs;
the processor calls a program stored in the memory to perform the method of any of claims 1-12.
16. A storage medium having stored thereon a computer program which, when executed by a computer, performs the method of any one of claims 1-12.
17. A file transmission system is characterized by comprising a server, a client and a node cluster running in a hidden network, wherein the node cluster comprises a plurality of hidden network nodes which are connected with each other, and virtual addresses of the client, the server and each hidden network node and routing information of each hidden network node are shared to a network database;
the client is used for acquiring a file to be sent, and the file to be sent comprises a virtual address of a server corresponding to the file to be sent; querying the network database to obtain the routing information of each hidden network node, and constructing a first negotiation tunnel with the client's own virtual address as a starting point and the virtual address of the server as an end point; sending attribute information of the file to be sent to the server through the first negotiation tunnel;
the server is used for acquiring the attribute information through the first negotiation tunnel and generating file blocking information according to the attribute information and the residual resources of the server; querying the network database to obtain the routing information of each hidden network node, and constructing a second negotiation tunnel with the server's own virtual address as a starting point and the virtual address of the client as an end point; sending the file blocking information to the client through the second negotiation tunnel;
the client is used for acquiring the file blocking information through the second negotiation tunnel; determining the number of data sending tunnels according to the blocking information and establishing the corresponding number of data sending tunnels; sending the file to be sent to the server through the data sending tunnel;
the server is used for receiving the file to be sent through the data sending tunnel;
and the first negotiation tunnel, the second negotiation tunnel and the data sending tunnel respectively comprise a dark network node.
CN201911211598.8A 2019-11-29 2019-11-29 File transmission method, device, system, electronic equipment and storage medium Pending CN110944052A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911211598.8A CN110944052A (en) 2019-11-29 2019-11-29 File transmission method, device, system, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911211598.8A CN110944052A (en) 2019-11-29 2019-11-29 File transmission method, device, system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110944052A true CN110944052A (en) 2020-03-31

Family

ID=69908491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911211598.8A Pending CN110944052A (en) 2019-11-29 2019-11-29 File transmission method, device, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110944052A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112445442A (en) * 2020-11-24 2021-03-05 上海汉图科技有限公司 File printing method and device
CN113138969A (en) * 2021-04-30 2021-07-20 青岛盛世影云影视科技有限公司 Data transmission method and device, electronic equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
US11323247B2 (en) Methods and systems for secure data communication
CN107846282A (en) A kind of electronic data distribution keeping method and system based on block chain technology
CN106301769B (en) Quantum key output method, storage consistency verification method, device and system
EP3769555B1 (en) Cloud authenticated offline file sharing
CN101197664B (en) Method, system and device for key management protocol negotiation
TW201919363A (en) Method and system for quantum key distribution and data processing
CN106797314B (en) Cryptographic system, network device, sharing method, and computer-readable storage medium
CN107483383B (en) Data processing method, terminal, background server and storage medium
CN104023013A (en) Data transmission method, server side and client
US20080162934A1 (en) Secure transmission system
CN109543443A (en) User data management, device, equipment and storage medium based on block chain
CN111381962B (en) Edge service migration method and device
CN110138805B (en) Equipment authentication method and device and computer readable storage medium
CN113708929B (en) Method for regularly pushing quantum key by edge gateway of Internet of things
CN109729000B (en) Instant messaging method and device
CN110944052A (en) File transmission method, device, system, electronic equipment and storage medium
CN103338185A (en) File sharing method and file sharing system
CN109995739A (en) A kind of information transferring method, client, server and storage medium
CN114629678B (en) TLS-based intranet penetration method and device
CN102209066B (en) Network authentication method and equipment
CN110602133B (en) Intelligent contract processing method, block chain management device and storage medium
CN106537962B (en) Wireless network configuration, access and access method, device and equipment
US9825942B2 (en) System and method of authenticating a live video stream
CN109327475B (en) Multi-layer identity authentication method, device, equipment and storage medium
CN112217862A (en) Data communication method, device, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200331