CN-121984966-A - Cross-platform local area network file transmission method and system based on environment awareness and dynamic trust establishment
Abstract
The invention relates to the technical field of local area network communication and file transmission, and discloses a cross-platform local area network file transmission method and system based on environment awareness and dynamic trust establishment. Online devices in the local area network are discovered through an environment-aware hybrid discovery protocol to obtain an online device list; based on that list, an end-to-end encrypted secure transmission channel is established with the target device through a three-step handshake; and files are transmitted through the secure channel, the transmission comprising file sending or folder synchronization.
Inventors
- MU YONGCHAO
- LIU HUI
- DUAN YANGYANG
- WEI XING
- YANG JIAN
- DING JUANJUAN
- LIANG LEI
- Guo Shuaipeng
- XIE JIAFU
- SUN LIN
- ZHANG WENCHANG
- HE ZHEN
Assignees
- 联通(河南)产业互联网有限公司
Dates
- Publication Date
- 2026-05-05
- Application Date
- 2026-03-13
Claims (10)
- 1. A cross-platform local area network file transmission method based on environment awareness and dynamic trust establishment, characterized by comprising the following steps: S1, discovering online devices in the local area network through an environment-aware hybrid discovery protocol to obtain an online device list; S2, establishing an end-to-end encrypted secure transmission channel with the target device through a three-step handshake based on the online device list; and S3, transmitting files through the secure transmission channel, the transmission comprising file sending or folder synchronization.
- 2. The cross-platform local area network file transmission method based on environment awareness and dynamic trust establishment according to claim 1, wherein in step S1, discovering online devices through the environment-aware hybrid discovery protocol to obtain the online device list comprises:
  - S1.1, sending and listening for enhanced UDP multicast messages and verifying the valid responses received, to obtain first-class online devices;
  - S1.2, when no multicast response is received within a preset period, judging that the network is in a network-isolated state;
  - S1.3, in the network-isolated state, sending probe messages to the public service ports in the local area network to obtain a candidate beacon device set;
  - S1.4, calculating a comprehensive load value for each device in the candidate beacon device set from its CPU utilization, memory utilization and network bandwidth utilization, to obtain a load evaluation result;
  - S1.5, selecting the device with the lowest comprehensive load value as the target beacon device according to the load evaluation result;
  - S1.6, obtaining second-class online devices through the discovery information relayed by the target beacon device;
  - S1.7, merging the first-class and second-class online devices to generate an online device list;
  - S1.8, when automatic discovery fails, establishing a direct device connection by manual connection to obtain third-class online devices;
  - S1.9, merging the first-class, second-class and third-class online devices to obtain the final online device list;
  
  wherein in step S1.4 the comprehensive load value is calculated as L = α × CPU_usage + β × Memory_usage + γ × Net_usage, where L is the comprehensive load value, CPU_usage is the CPU utilization, Memory_usage is the memory utilization, Net_usage is the network bandwidth utilization, α = 0.3, β = 0.2 and γ = 0.5.
- 3. The cross-platform local area network file transmission method based on environment awareness and dynamic trust establishment according to claim 1, wherein in step S2, establishing the end-to-end encrypted secure transmission channel with the target device through the three-step handshake comprises:
  - S2.1, sending a connection request containing the initiator's device fingerprint and network environment context information;
  - S2.2, calculating a credibility reference score from the network environment context information;
  - S2.3, displaying the device fingerprint, the credibility reference score and the corresponding risk prompt, and receiving the user's confirmation to obtain a user confirmation instruction;
  - S2.4, performing key exchange according to the user confirmation instruction to obtain an encryption key;
  - S2.5, establishing the secure transmission channel using the encryption key;
  
  wherein in step S2.2 the credibility reference score is calculated by the expression [expression not reproduced in the source], where S is the credibility reference score; w_s is the weight coefficient of the SSID, with w_s > w_g > w_t; m_s is the SSID matching degree, m_s = 0 or m_s = 1; w_g is the weight coefficient of the gateway IP address segment; m_g is the gateway IP address segment matching degree, m_g = 0 or m_g = 1; w_t is the weight coefficient of the system time difference; and m_t is the system time difference matching degree, with m_t = 1 when the difference between the initiator's timestamp and the receiver's timestamp does not exceed the preset threshold of 120 seconds, and m_t = 0 otherwise.
- 4. The cross-platform local area network file transmission method based on environment awareness and dynamic trust establishment according to claim 1, wherein in step S3, transmitting files through the secure transmission channel comprises:
  - S3.1, constructing a Merkle hash tree for the source folder and for the target folder respectively, to obtain the corresponding root hash values;
  - S3.2, comparing the root hash values to judge whether the folders are consistent;
  - S3.3, if the root hash values are inconsistent, comparing the Merkle tree nodes layer by layer to obtain the difference file set;
  - S3.4, transmitting only the difference file set to complete the folder synchronization.
- 5. The cross-platform local area network file transmission method based on environment awareness and dynamic trust establishment according to claim 1, wherein the hybrid discovery protocol comprises the following discovery modes:
  - active multicast discovery: periodically sending the enhanced UDP multicast message and verifying the responses to obtain online devices;
  - passive monitoring discovery: listening on the multicast address and verifying the HMAC signature of each HEARTBEAT message to obtain online devices;
  - beacon relay discovery: in the network-isolated state, obtaining candidate beacon devices through multi-port probing, selecting the target beacon based on load evaluation, and obtaining online devices through the discovery information relayed by the target beacon;
  - manual connection discovery: when automatic discovery fails, establishing the device connection through a QR code (two-dimensional barcode) or a temporary TCP connection to obtain online devices.
- 6. A cross-platform local area network file transfer system based on environment awareness and dynamic trust establishment, comprising: a device discovery module (1) for discovering online devices in the local area network through an environment-aware hybrid discovery protocol to obtain an online device list; a secure transmission channel establishing module (2) for establishing an end-to-end encrypted secure transmission channel with the target device through a three-step handshake based on the online device list; and a file transmission module (3) for transmitting files through the secure transmission channel, the transmission comprising file sending or folder synchronization.
- 7. The cross-platform local area network file transfer system based on environment awareness and dynamic trust establishment according to claim 6, wherein the device discovery module (1) comprises:
  - a first-class online device discovery unit (11) for sending and listening for enhanced UDP multicast messages and verifying the valid responses received, to obtain first-class online devices;
  - a network isolation determination unit (12) for judging that the network is in a network-isolated state when no multicast response is received within a preset period;
  - a candidate beacon device set acquisition unit (13) for sending probe messages to the public service ports in the local area network in the network-isolated state, to obtain a candidate beacon device set;
  - a load evaluation unit (14) for calculating a comprehensive load value for each device in the candidate beacon device set from its CPU utilization, memory utilization and network bandwidth utilization, to obtain a load evaluation result;
  - a target beacon device election unit (15) for electing the device with the lowest comprehensive load value as the target beacon device according to the load evaluation result;
  - a second-class online device discovery unit (16) for obtaining second-class online devices through the discovery information relayed by the target beacon device;
  - an online device list generating unit (17) for merging the first-class and second-class online devices to generate an online device list;
  - a third-class online device discovery unit (18) for establishing a direct device connection by manual connection when automatic discovery fails, to obtain third-class online devices;
  - a final online device list generating unit (19) for merging the first-class, second-class and third-class online devices to obtain the final online device list;
  
  wherein the load evaluation unit (14) calculates the comprehensive load value as L = α × CPU_usage + β × Memory_usage + γ × Net_usage, where L is the comprehensive load value, CPU_usage is the CPU utilization, Memory_usage is the memory utilization, Net_usage is the network bandwidth utilization, α = 0.3, β = 0.2 and γ = 0.5.
- 8. The cross-platform local area network file transfer system based on environment awareness and dynamic trust establishment according to claim 6, wherein the secure transmission channel establishing module (2) comprises:
  - a connection request transmitting unit (21) for sending a connection request containing the initiator's device fingerprint and network environment context information;
  - a credibility reference score calculating unit (22) for calculating a credibility reference score from the network environment context information;
  - a user confirmation unit (23) for displaying the device fingerprint, the credibility reference score and the corresponding risk prompt, and receiving the user's confirmation to obtain a user confirmation instruction;
  - an encryption key exchange unit (24) for performing key exchange according to the user confirmation instruction to obtain an encryption key;
  - a secure transmission channel establishing unit (25) for establishing the secure transmission channel using the encryption key;
  
  wherein the credibility reference score calculating unit (22) calculates the credibility reference score by the expression [expression not reproduced in the source], where S is the credibility reference score; w_s is the weight coefficient of the SSID, with w_s > w_g > w_t; m_s is the SSID matching degree, m_s = 0 or m_s = 1; w_g is the weight coefficient of the gateway IP address segment; m_g is the gateway IP address segment matching degree, m_g = 0 or m_g = 1; w_t is the weight coefficient of the system time difference; and m_t is the system time difference matching degree, with m_t = 1 when the difference between the initiator's timestamp and the receiver's timestamp does not exceed the preset threshold of 120 seconds, and m_t = 0 otherwise.
- 9. The cross-platform local area network file transfer system based on environment awareness and dynamic trust establishment according to claim 6, wherein the file transmission module (3) comprises:
  - a Merkle hash tree construction unit (31) for constructing a Merkle hash tree for the source folder and for the target folder respectively, to obtain the corresponding root hash values;
  - a folder consistency judging unit (32) for comparing the root hash values and judging whether the folders are consistent;
  - a difference file set acquisition unit (33) for comparing the Merkle tree nodes layer by layer when the root hash values are inconsistent, to obtain the difference file set;
  - a difference file transmission unit (34) for transmitting only the difference file set to complete the folder synchronization.
- 10. The cross-platform local area network file transfer system based on environment awareness and dynamic trust establishment according to claim 6, wherein the hybrid discovery protocol comprises the following discovery units:
  - an active multicast discovery unit for periodically sending the enhanced UDP multicast message and verifying the responses to obtain online devices;
  - a passive monitoring discovery unit for listening on the multicast address and verifying the HMAC signature of each HEARTBEAT message to obtain online devices;
  - a beacon relay discovery unit for obtaining candidate beacon devices through multi-port probing in the network-isolated state, selecting the target beacon based on load evaluation, and obtaining online devices through the discovery information relayed by the target beacon;
  - a manual connection discovery unit for establishing the device connection through a QR code (two-dimensional barcode) or a temporary TCP connection when automatic discovery fails, to obtain online devices.
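The three-step handshake of claims 3 and 8, worked through as an added example; this is not the patent's code nor anything published by the assignee. It assumes the credibility reference score is the weighted sum S = w_s·m_s + w_g·m_g + w_t·m_t with illustrative weights 0.5, 0.3, 0.2 (the page fixes only w_s > w_g > w_t and the 120-second threshold and does not reproduce the expression), takes the device fingerprint to be the SHA-256 of a long-term public key, and uses finite-field Diffie-Hellman over the RFC 3526 group 14 parameters with the Python standard library in place of whatever key exchange the patent intends; the class and function names are illustrative. One point a reviewer would raise about the design: every term of the score comes from context the initiator reports about itself, and a host already on the same LAN shares the SSID, the gateway segment and, with NTP, the clock, so the score can only flag a request arriving from a different network. Authentication therefore rests on the user comparing the displayed fingerprint with one obtained out of band (the QR code of claim 5), and the derivation below binds both fingerprints and the ephemeral values into the session key so that a confirmed fingerprint also authenticates the key.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP, generator 2): a standard, well-known DH group.
DH_P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
DH_G = 2
# Assumed weights: the claim fixes only w_s > w_g > w_t and the 120 s threshold.
W_S, W_G, W_T, TIME_THRESHOLD_S = 0.5, 0.3, 0.2, 120


def trust_score(initiator_ctx, receiver_ctx):
    """S2.2 as the assumed weighted sum S = w_s*m_s + w_g*m_g + w_t*m_t."""
    m_s = int(initiator_ctx["ssid"] == receiver_ctx["ssid"])
    m_g = int(initiator_ctx["gateway_segment"] == receiver_ctx["gateway_segment"])
    m_t = int(abs(initiator_ctx["timestamp"] - receiver_ctx["timestamp"]) <= TIME_THRESHOLD_S)
    return W_S * m_s + W_G * m_g + W_T * m_t


def risk_prompt(score):
    # Hypothetical banding; the claim only says a risk prompt accompanies the score.
    return "same network context" if score >= 0.8 else "verify the fingerprint out of band"


def dh_keypair():
    priv = secrets.randbelow(DH_P - 3) + 2
    return priv, pow(DH_G, priv, DH_P)


def dh_shared(priv, peer_pub):
    if not 1 < peer_pub < DH_P - 1:          # reject 0, 1 and p-1 before exponentiating
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, DH_P).to_bytes(256, "big")


def fingerprint(static_pub):
    """Assumed fingerprint: SHA-256 of the device's long-term public key."""
    return hashlib.sha256(static_pub.to_bytes(256, "big")).hexdigest()


def hkdf_sha256(ikm, info, length=32):
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm = block = b""
    for i in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def session_key(dh_ee, dh_si_er, dh_ei_sr, fp_i, fp_r, eph_i, eph_r):
    """Triple-DH: ephemeral-ephemeral gives forward secrecy, the two static-ephemeral
    terms tie the key to the confirmed fingerprints; the transcript goes into HKDF info."""
    info = (b"lan-ft-v1|" + fp_i.encode() + b"|" + fp_r.encode()
            + eph_i.to_bytes(256, "big") + eph_r.to_bytes(256, "big"))
    return hkdf_sha256(dh_ee + dh_si_er + dh_ei_sr, info)


class Device:
    def __init__(self, ctx):
        self.ctx, self.key = ctx, None
        self.static_priv, self.static_pub = dh_keypair()
        self.fp = fingerprint(self.static_pub)

    def connection_request(self):                         # S2.1, initiator
        self.eph_priv, self.eph_pub = dh_keypair()
        return {"fingerprint": self.fp, "static_pub": self.static_pub,
                "eph_pub": self.eph_pub, "context": self.ctx}

    def evaluate(self, req):                              # S2.2-S2.3, receiver
        if fingerprint(req["static_pub"]) != req["fingerprint"]:
            raise ValueError("presented key does not match fingerprint")
        score = trust_score(req["context"], self.ctx)
        return score, risk_prompt(score)

    def accept(self, req, user_confirmed):                # S2.4-S2.5, receiver
        if not user_confirmed:
            raise PermissionError("user rejected the connection")
        self.eph_priv, self.eph_pub = dh_keypair()
        self.key = session_key(dh_shared(self.eph_priv, req["eph_pub"]),
                               dh_shared(self.eph_priv, req["static_pub"]),
                               dh_shared(self.static_priv, req["eph_pub"]),
                               req["fingerprint"], self.fp, req["eph_pub"], self.eph_pub)
        return {"fingerprint": self.fp, "static_pub": self.static_pub, "eph_pub": self.eph_pub}

    def finish(self, resp, expected_fp):                  # S2.4-S2.5, initiator
        # The initiator checks the receiver against the fingerprint it holds out of band
        # (e.g. from the QR code of claim 5); the score alone never decides trust.
        if resp["fingerprint"] != expected_fp or fingerprint(resp["static_pub"]) != expected_fp:
            raise ValueError("receiver fingerprint mismatch")
        self.key = session_key(dh_shared(self.eph_priv, resp["eph_pub"]),
                               dh_shared(self.static_priv, resp["eph_pub"]),
                               dh_shared(self.eph_priv, resp["static_pub"]),
                               self.fp, resp["fingerprint"], self.eph_pub, resp["eph_pub"])
        return self.key


def handshake(initiator, receiver, fp_trusted_by_receiver):
    """Run the three steps; user confirmation is modelled as comparing the displayed
    fingerprint with one the receiving user obtained out of band."""
    req = initiator.connection_request()
    score, prompt = receiver.evaluate(req)
    resp = receiver.accept(req, user_confirmed=(req["fingerprint"] == fp_trusted_by_receiver))
    initiator.finish(resp, expected_fp=receiver.fp)
    return score, prompt, initiator.key == receiver.key
```

`handshake()` returns the score shown to the receiving user, the prompt, and whether both sides derived the same 32-byte key. An on-path host that rewrites the initiator's static key in the request also changes the fingerprint, so the out-of-band comparison fails; one that leaves the fingerprint alone cannot compute the static-ephemeral term and ends up with a different key.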
Description
Cross-platform local area network file transmission method and system based on environment awareness and dynamic trust establishment
Technical Field
The invention relates to the technical field of local area network communication and file transmission, and discloses a cross-platform local area network file transmission method and system based on environment awareness and dynamic trust establishment.
Background
In cross-platform local area network office and home scenarios, file transfer and folder synchronization between multiple terminals (Windows, macOS, Linux, iOS, Android, etc.) are increasingly required. Traditional local area network file transmission has the following drawbacks: the device discovery mechanism is single-mode, discovery readily fails in network-isolated and cross-subnet scenarios, and there is no effective relay or fallback discovery mechanism; the transmission channel lacks end-to-end encryption and is exposed to local area network threats such as spoofing and replay attacks; and trust establishment between devices lacks dynamic environment awareness and quantitative evaluation. Although some prior-art schemes address one of these problems in isolation, such as single-mode multicast device discovery, simple encrypted transmission or incremental synchronization, their modules are independent of one another and do not form a cooperative system, so the combined requirements of cross-platform support, high reliability, high security, efficient transmission and adaptation to special scenarios cannot be met at the same time, and such schemes are difficult to apply in complex local area network environments.
Disclosure of Invention
The invention addresses the poor robustness of device discovery, the lack of dynamic evaluation in trust establishment and the low transmission efficiency of traditional local area network file transmission, and for that purpose provides a cross-platform local area network file transmission method and system based on environment awareness and dynamic trust establishment. The technical scheme adopted is a cross-platform local area network file transmission method based on environment awareness and dynamic trust establishment comprising the following steps: S1, discovering online devices in the local area network through an environment-aware hybrid discovery protocol to obtain an online device list; S2, establishing an end-to-end encrypted secure transmission channel with the target device through a three-step handshake based on the online device list; and S3, transmitting files through the secure transmission channel, the transmission comprising file sending or folder synchronization.
As a preferred embodiment, in step S1, discovering online devices through the environment-aware hybrid discovery protocol to obtain the online device list comprises:
- S1.1, sending and listening for enhanced UDP multicast messages and verifying the valid responses received, to obtain first-class online devices;
- S1.2, when no multicast response is received within a preset period, judging that the network is in a network-isolated state;
- S1.3, in the network-isolated state, sending probe messages to the public service ports in the local area network to obtain a candidate beacon device set;
- S1.4, calculating a comprehensive load value for each device in the candidate beacon device set from its CPU utilization, memory utilization and network bandwidth utilization, to obtain a load evaluation result;
- S1.5, selecting the device with the lowest comprehensive load value as the target beacon device according to the load evaluation result;
- S1.6, obtaining second-class online devices through the discovery information relayed by the target beacon device;
- S1.7, merging the first-class and second-class online devices to generate an online device list;
- S1.8, when automatic discovery fails, establishing a direct device connection by manual connection to obtain third-class online devices;
- S1.9, merging the first-class, second-class and third-class online devices to obtain the final online device list.
In step S1.4 the comprehensive load value is calculated as L = α × CPU_usage + β × Memory_usage + γ × Net_usage, where L is the comprehensive load value, CPU_usage is the CPU utilization, Memory_usage is the memory utilization, Net_usage is the network bandwidth utilization, α = 0.3, β = 0.2 and γ = 0.5.
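The discovery path S1.1 to S1.9 above, together with the HMAC-verified HEARTBEAT of claim 5, as an added example that is not part of the patent. It assumes a heartbeat key provisioned to LAN members out of band, a JSON message body carrying a timestamp and a nonce (the page names the HMAC but not the message format), and that probed candidate beacons report their own CPU, memory and network utilization; the messages, candidates and the 30-second freshness window are constructed for the example. The replay cache and freshness check are the part to look at: an HMAC proves that the sender held the key, not that the message is new, so without them a captured HEARTBEAT replayed later would re-register a device that has since left. The beacon election trusts self-reported load, which means the cheapest way for a host to become the relay through which everyone's discovery information flows is to report zero load; the code marks that spot rather than solving it.

```python
import hashlib
import hmac
import json

# Assumption: a heartbeat key provisioned to LAN members out of band (constructed value).
HEARTBEAT_KEY = b"constructed-lan-heartbeat-key"
FRESHNESS_WINDOW_S = 30                  # assumed bound on clock skew plus propagation
ALPHA, BETA, GAMMA = 0.3, 0.2, 0.5       # weights from step S1.4


def sign_heartbeat(key, device_id, addr, ts, nonce):
    """HEARTBEAT = canonical JSON body || '|' || hex HMAC-SHA256 over the body."""
    body = {"type": "HEARTBEAT", "id": device_id, "addr": addr, "ts": ts, "nonce": nonce}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return raw + b"|" + hmac.new(key, raw, hashlib.sha256).hexdigest().encode()


class PassiveListener:
    """Passive monitoring discovery: verify the HMAC, then freshness, then replay."""

    def __init__(self, key, now):
        self.key, self.now = key, now    # now() is injected so tests control the clock
        self.seen = set()                # (device id, nonce) accepted inside the window;
        self.online = {}                 # a real listener prunes entries older than the window

    def handle(self, msg):
        raw, sep, tag = msg.rpartition(b"|")
        if not sep:
            return "malformed"
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad_signature"       # forged or tampered: do not even parse the body
        body = json.loads(raw)
        if body.get("type") != "HEARTBEAT":
            return "malformed"
        if abs(self.now() - body["ts"]) > FRESHNESS_WINDOW_S:
            return "stale"               # right key, old message: a replayed capture
        if (body["id"], body["nonce"]) in self.seen:
            return "replay"              # same message again inside the window
        self.seen.add((body["id"], body["nonce"]))
        self.online[body["id"]] = body["addr"]
        return "accepted"


def load_value(cpu, mem, net):
    """S1.4: L = α·CPU_usage + β·Memory_usage + γ·Net_usage, utilizations in [0, 1]."""
    return ALPHA * cpu + BETA * mem + GAMMA * net


def select_beacon(candidates):
    """S1.5: lowest comprehensive load wins. Loads are self-reported by the probed
    hosts, so a host can under-report to win the election; nothing here checks that."""
    return min(candidates, key=lambda c: load_value(c["cpu"], c["mem"], c["net"]), default=None)


def build_online_list(listener, multicast_msgs, probe_results, manual_peers=()):
    """S1.1-S1.9 over already-collected inputs; returns (online dict, beacon or None)."""
    for msg in multicast_msgs:           # S1.1: only verified replies count
        listener.handle(msg)
    online = dict(listener.online)       # first-class devices
    beacon = None
    if not online:                       # S1.2: nothing valid heard: network-isolated state
        beacon = select_beacon(probe_results)            # S1.3-S1.5
        if beacon is not None:
            online[beacon["id"]] = beacon["addr"]
            online.update(beacon.get("relay", {}))       # S1.6-S1.7: second-class devices
    for device_id, addr in manual_peers:                 # S1.8-S1.9: third-class devices
        online.setdefault(device_id, addr)
    return online, beacon
```

The listener deliberately verifies the HMAC before decoding JSON, so unauthenticated input never reaches the parser; the order stale-before-replay means the replay cache only has to remember one window's worth of nonces.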
As a preferred embodiment, in step S2, the establishing an end-to-end encrypted secure transmission channel with the target device through the three-way handshake procedure includes: s2.1, sending a connection request, wherein the connection request comprises an initiator device fingerpr
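The Merkle-tree folder synchronization of claim 4 (step S3), as an added example that is not the patent's code. It assumes both sides first agree on the sorted union of relative paths so that the two trees have the same shape, with a missing file hashed under an "absent" marker; the page does not say how differing file sets are aligned, so that is an assumption. Folder contents are constructed in memory. Leaf and internal hashes are domain-separated so that a leaf cannot be passed off as an internal node or the reverse, and the function returns both the transfer plan and the number of node comparisons made, which is what the layer-by-layer comparison saves over hashing every file pairwise.

```python
import hashlib


def leaf_hash(path, content):
    """Leaf = H(0x00 || path || 0x00 || content); a file absent on one side hashes under
    0x02 so that "present but empty" and "missing" are distinct."""
    if content is None:
        return hashlib.sha256(b"\x02" + path.encode()).digest()
    return hashlib.sha256(b"\x00" + path.encode() + b"\x00" + content).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


class Node:
    __slots__ = ("hash", "path", "left", "right")

    def __init__(self, h, path=None, left=None, right=None):
        self.hash, self.path, self.left, self.right = h, path, left, right


def build_tree(files, all_paths):
    """S3.1: Merkle tree over a fixed, sorted path list; files is {path: bytes}."""
    nodes = [Node(leaf_hash(p, files.get(p)), path=p) for p in all_paths]
    if not nodes:
        return Node(hashlib.sha256(b"\x03empty").digest())
    while len(nodes) > 1:
        level = []
        for i in range(0, len(nodes), 2):
            if i + 1 < len(nodes):
                level.append(Node(node_hash(nodes[i].hash, nodes[i + 1].hash),
                                  left=nodes[i], right=nodes[i + 1]))
            else:
                level.append(nodes[i])          # odd node is promoted unchanged
        nodes = level
    return nodes[0]


def diff_trees(src, dst, changed, stats):
    """S3.3: descend only into subtrees whose hashes differ (same shape on both sides)."""
    stats["compared"] += 1
    if src.hash == dst.hash:
        return
    if src.path is not None:                    # leaf reached: this file differs
        changed.append(src.path)
        return
    diff_trees(src.left, dst.left, changed, stats)
    diff_trees(src.right, dst.right, changed, stats)


def sync_plan(source, target):
    """S3.1-S3.4: returns ([(action, path), ...], nodes_compared)."""
    paths = sorted(set(source) | set(target))
    src_root, dst_root = build_tree(source, paths), build_tree(target, paths)
    if src_root.hash == dst_root.hash:          # S3.2: folders already consistent
        return [], 0
    changed, stats = [], {"compared": 0}
    diff_trees(src_root, dst_root, changed, stats)
    plan = [("send", p) if p in source else ("delete", p) for p in changed]
    return plan, stats["compared"]


# Constructed sample folders: eight files, one stale on the target, one left over there.
SOURCE = {f"docs/{c}.txt": f"content {c}".encode() for c in "abcdefgh"}
TARGET = dict(SOURCE)
TARGET["docs/c.txt"] = b"stale copy"
TARGET["docs/z.tmp"] = b"left over on target"

if __name__ == "__main__":
    print(sync_plan(SOURCE, TARGET))
```

The root comparison in `sync_plan()` is only meaningful when the peer's root is received over the authenticated channel of step S2; a root hash taken from an unauthenticated message says nothing about what the peer actually holds.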