The invention relates to the general field of the protection and management of personal data of users in a telecommunications network.
In this document, the ‘notion of personal data’ is to be understood in the widest sense and refers to any item of data over which a user wishes to retain control.
By way of non-limiting examples, the identity or the address of a physical person, the data from a banking transaction carried out by a physical or moral person, a message exchanged over a telecommunications network, geolocation data of an individual, photographs or videos acquired by an individual or received from a third party, a digital contract constitute personal data in terms of the invention.
In the current state of the art, the personal data of a user are generally managed by service providers the user subscribes to.
For example, for a user owning a bank account and a social network account it is usual for the user to provide both personal data to the banking organisation and also personal data to the operator of the social network.
This results in the user having control over his personal data, since it is very difficult for him to determine the processing carried out on these data by the service providers.
According to a first aspect, the invention relates to a process for constitution of a history of personal data of a user, this process being executed by a terminal of the user and comprising:
According to a second aspect, the invention relates to a management process, executed by a computer system, for managing the personal data of a plurality of users, this process comprising the management of a general database in which blocks are recorded, each block comprising said personal encrypted data of a said user, said blocks comprising the personal encrypted data of the same user being organised according to a blockchain constituting a sub-graph of the same general graph whereof the topology is defined by a preset data model, a root block of said sub-graph being associated with a cryptographic datum specific to this user.
In an embodiment, the cryptographic datum associated with a user is a dynamic non-fungible token of this user.
In another embodiment, the cryptographic datum associated with a user is the public key of a digital wallet (digital wallet) of this user.
In this way, and in general, the invention proposes storing a history of the personal data of users in a blockchain and linking the history of the personal data to a cryptographic datum specific to this one user, for example to a dynamic non-fungible token of this user or to the public key of a digital wallet kept by this user. In terms of the invention, users can especially be physical or moral persons.
Hereinbelow ‘digital wallet’ means a material device or secure storage and management software of digital files in the broadest sense and of digital files associated uniquely with one user, such as units of cryptocurrency and/or non-fungible tokens. In this respect, a digital wallet comprises a public key associated with the user. Such a digital wallet can for example enable electronic transactions with another party when exchanging units of cryptocurrency.
In this way, in keeping with the invention a cryptographic datum specific to a user, for example a dynamic non-fungible token or the public key of a digital wallet, points to the input node of a graph representing the history of the personal data of this user (or user) according to mapping defined by the preset data model.
The fact of linking all the personal data in a block graph, due to its probative value, ensures the immutability of the history of these data. Also, when the cryptographic datum is a dynamic non-fungible token, the invention ensures that the user remains owner of all of his past and future personal data once they are integrated into the blockchain.
The act of linking all the personal data of a user to a cryptographic datum specific to the user also lets a user ensure portability of his data in heterogeneous environments and considerably simplifies access of this user to new services.
In fact, when knowledge about a user (KYC, ‘Know Your Customer’) has been obtained via verification of documents of this user associated with a cryptographic datum (dynamic non-fungible token, public key of a digital wallet) in a first environment (for example verification of identity, credentials, eligibility, . . . ) for a first service (for example on opening a bank account) and the proof of the result of this verification is integrated into the data associated with this cryptographic datum, in a second environment obtaining this cryptographic datum directly attributes rights to this user for a second service (reservation of a vehicle for example), without restarting verification of his documents.
The invention proposes using the cryptographic datum specific to a user as element of proof of the identity of the user. When the cryptographic datum is a non-fungible token this datum also presents the characteristics of being non-repudiable and unfalsifiable. The non-fungible character of the token also ensures that this property title cannot (contrary to a digital signature for example) be reproduced or utilised unknown to the user.
The use of a cryptographic datum specific to the user (non-fungible token, public key of digital wallet) in the invention tracks the activity of a physical or moral person irrespective of environment. For example, if a cryptographic datum, especially a non-fungible token, is held by a media organisation (moral person) and the digital contents produced by this media organisation are recorded in the general graph associated with this cryptographic datum, it is very simple, regardless of environment, to prove that one of these digital contents comes from this media organisation.
In the implementation, the proof of ownership constituted by a cryptographic datum specific to the user can be managed either explicitly with visible identity of the user as physical or moral person, or totally anonymously. A user can circulate digital information linked to a cryptographic datum (non-fungible token, public key of digital wallet, . . . ) anonymously, the third party however being able verify that this information is definitely associated with this cryptographic datum.
In an embodiment, the blockchain is a distributed register within a peer network, the terminal being a peer of said network configured to store locally at least one part of said sub-graph, said blocks being stored in a local database of said terminal.
The constitution and consultation of the history of personal data of a user via the terminal of this user can be done asynchronously, off-grid, and be resynchronised without degradation of functionalities and of the security of the solution.
In an embodiment, the data model defines how branches of said sub-graph comprise blocks whereof the personal encrypted data correspond to timestamped geolocation data of said terminal during detected displacement of said terminal.
In this embodiment of the invention, the terminal of a user detects displacements. When a new displacement is detected a new branch is created in the sub-graph of the user, blockchains comprising timestamped encrypted geolocation data are integrated into the branch throughout displacement and when the position of the terminal is detected unchanged during a predetermined period, the branch stops.
In an embodiment, the data model defines how blocks whereof the personal encrypted data correspond to a digital activity of the terminal on a given date or to data received from a third party on a given date is attached, in the sub-graph of the user, to a block whereof the personal encrypted data correspond to geolocation data of said terminal timestamped on said given date.
This embodiment advantageously dates and locates all the digital activities of a user. By way of example, it ensures that a photograph acquired by the terminal of a user has been acquired on a given date and while the terminal was at a given place.
In a particular embodiment of the invention, the personal geolocation data can be associated with elements of proof of the presence of the terminal at the given position at an instant, these elements of proof being for example elements of proof signed and supplied by an operator of telecommunications capable of validating these elements by demarcation.
In an embodiment, the process of constituting personal data of a user comprises a step of integration into the sub-graph of a user, of a digital contract to which this user is party, the contract being encrypted by a public key of the terminal of the user, a public key of at least one other party to the contract and a public key of a digital trust environment, said contract comprising at least:
In this embodiment of the invention, the process for management of personal data of a plurality of users comprises a step for management of a set of instances of a digital trust environment, a said instance being configured to:
According to this aspect, the invention proposes that the contracts which analyse the personal data of users are executed in an environment of trust, and not by the terminals of the parties to the contract so as not to expose the personal data of these parties. The execution in an environment of trust is also known to the skilled person by the expression ‘Confidential computing’.
In a preferred embodiment, these contracts integrate access delegations to the personal encrypted data for exclusive use of the environment of trust wherein these data are analysed, this environment of trust being configured to decrypt all or some of the personal data of a party to the contract, analyse them and transmit the results of the analysis to one or more parties to the contract.
This embodiment of the invention advantageously allows execution of contracts between parties having heterogeneous environments. The invention in particular allows portability of the data of a user in the Metaverse (registered mark), including execution, in the Metaverse, of digital contracts needing analysis of the personal data of the parties to the contract and ensuring protection of these personal data.
In an embodiment, when the cryptographic datum specific to a user is a dynamic non-fungible token, the process of constitution of a history of personal data comprises a step for generation of at least one second dynamic non-fungible token for said user and a step for association of a sub-graph of said sub-graph with said second dynamic non-fungible token.
The user owner of the dynamic non-fungible token to which the root of the sub-graph is attached comprising the history of his personal data can generate tokens pointing to a sub-part of this sub-graph, for example on a branch of this sub-graph.
This characteristic advantageously lets the user exploit a part of his history separately.
Another aim of the invention is a terminal comprising a processor configured to carry out:
Another aim of the invention is a server for management of personal data of a plurality of users, this server comprising a processor configured to manage a general database in which blocks are recorded, each block comprising personal encrypted data of a user, the blocks comprising the personal encrypted data of the same user being organised according to a blockchain constituting a sub-graph of the same general graph whereof the topology is defined by a preset data model, a root block of said sub-graph being associated with a cryptographic datum specific to this user.
The general database utilised in the invention can be centralised (for example administered by the server for management of personal data) or distributed.
Another aim of the invention is a computer program on a recording medium, this program being likely to be run on a computer. This program comprises instructions adapted to executing a process for constitution of a history of personal data such as described above.
Another aim of the invention is a computer program on a recording medium, this program being likely to be run on a computer. This program comprises instructions adapted to execute a process for management of personal data of a set of users such as described above.
Each of these programs can utilise any programming language, and can be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other preferable form.
Another aim of the invention is an information medium or a recording medium legible by a computer, and comprising instructions of the first or of the second or of the third computer program such as mentioned above.
The information or recording media can be any entity or device capable of storing the programs. For example, the media can comprise storage means such as a ROM, for example a CD ROM or a ROM of microelectronic circuit, or even magnetic recording means, for example a hard drive, or a flash memory.
On the other hand, the information or recording media can be transmittable media such as an electric or optic signal which can be conveyed via an electrical or optic cable, via radio link, wireless optic link or by other means.
The programs according to the invention can be downloaded in particular over a network of Internet type.
Alternatively, each information medium or recording medium can be an integrated circuit into which a program is incorporated, the circuit being adapted to execute or to be used in the execution of one of the processes according to the invention.
Other characteristics and advantages of the present invention will emerge from the following description in reference to the attached drawings which illustrate an exemplary embodiment devoid of any limiting character, in which:
In the embodiment described here, the server SDP for management of personal data is configured to offer:
As described in detail hereinbelow, the historical data service HIST of personal data lets a user who subscribes to this service constitute and maintain, from his mobile terminal, a history of his personal data, to give this history a probative value and ensure its portability by linking this history to a dynamic non-fungible token as property of this user.
The GES-CONT service for management of contract executes, in a digital trust environment ECN, a digital contract passed between at least two parties, without exposing the personal data of these parties. In this respect, and as described later, the digital contracts managed by the invention integrate delegated access to the personal data of the user for the digital trust environment ECN.
In the embodiment described here, the server SDP for management of personal data also comprises a module GES-ECN for management of this digital trust environment ECN.
This digital trust environment ECN constitutes a protected environment (Trusted Execution Environment) in which contracts formed between two or more parties (users as physical or moral persons, service providers, . . . ) can be executed.
In the embodiment described here, the module GES-ECN for management of a digital trust environment of the server SDP for management of personal data is configured to dynamically administer in the network a variable number of instances ECNi, ECNj of the digital trust environment ECN as a function of the number of contracts to be executed.
In the embodiment described here, these instances ECNi, ECNj of the digital trust environment are cloned by the module GES-ECN. These cloned instances all comprise the same module EXEC-CONT for executing a contract and the same pair of keys comprising a public key KPUBECN and an associated private key KPRIVECN stored in a rewritable non-volatile memory MECN.
In the embodiment described here, the terminal TA is a mobile phone.
In this example it is assumed that the user A has downloaded and installed in his terminal TA an application APP with the server SDP for management of personal data, this application letting the user A access the services offered by the server, especially the historical data service HIST of personal data and the GES-CONT service for management of digital contracts.
The application APP comprises a cryptographic module MCY.
In the embodiment described here, it is assumed that the application APP also comprises a GEN-CONT module for generation of a contract letting the user of the terminal TA form with one or more other parts of contracts intended to be executed in the digital trust environment ECN. These operations are detailed later in reference to
In the embodiment described here, the terminal TA comprises a module MDD for detection of displacements of the terminal TA.
In this example, the module for detection of displacements MDD comprises artificial intelligence IA, a GPS geolocation module and a detector of movement MVT comprising for example an accelerometer and a gyroscopic sensor for measuring the linear acceleration, the orientation and the angular speed of the terminal TA.
This module for detection of displacement MDD is configured to generate timestamped personal geolocation data DPGEOA of the user A, these data comprising positions Pi occupied by the terminal TA in the real world on dates Ti.
In the embodiment described here, the terminal TA also comprises a camera CAM and a payment application PAY. It is assumed that the photographs acquired by the camera CAM and that the transactions performed with the application PAY constitute personal data DPDigActA of the user A representative of digital activities performed by the user A. Other digital activities are possible, for example the sending or receipt of messages (electronic mail, short texts, . . . ) executed with messaging applications of the terminal TA, not shown.
In the embodiment described here, the terminal TA is also configured to manage personal data DP3rdPA acquired from third parties, for example from an administrative service, a bank, insurance, a business, . . .
In general, the personal data of the user A will be denoted DPA, those able for example to comprise, and in a non-limiting manner, personal geolocation data DPGEOA, personal data DPDigActA representative of digital activities and personal data DP3rdPA acquired from third parties.
In the embodiment described here, the server SDP comprises a centralised general database BDC which stores the history of the personal encrypted data of all users who have subscribed to the service HIST.
In the embodiment described here, the personal encrypted data of users are organised according to an n-dimensional blockchain.
In the embodiment described here, this n-dimensional blockchain takes the form of a general direct acyclic graph GC whereof the topology is defined by a preset data model which will be described hereinbelow in reference to
This blockchain constitutes a distributed register which can be updated within a peer network.
In the embodiment described here, the terminal of a user who has subscribed to the historical data service HIST of his personal data is a pair of this network. By way of example, the terminal TA locally maintains:
The terminal TA can therefore work offline and asynchronously by exploiting the ownership of the graphs.
In this way, in the embodiment described here, and as described later in reference to
The synchronisation between the pairs is ensured by the general database BDC. When a pair creates or receives a new block, it adds it to its copy of the register and then transmits it to its pair nodes. When the latter receive it, they verify that this new block is valid. If the block is valid, they integrate it on their register and transmit it in turn to their pairs.
In the example illustrated here, the general graph GC comprises especially a sub-graph SGA which illustrates the organisation of encrypted personal data DPA of the user A in the general database BDC or in the local database BDA, assuming these bases are synchronised. As mentioned previously, the topology of the general graph GC (and therefore in particular of the sub-graph SGA) is defined by a preset data model.
In the embodiment described here, the module for detection of displacements MDD of the terminal TA is configured to detect a type of displacement of the terminal TA in the real world, for example travel by car or travel by foot.
In the exemplary embodiment described here, and as per the preset data model, the sub-graph of personal data of a user comprises especially a branch for each of the detected displacements of this user.
For example, in
This example is non-limiting, and other types of travel not shown are possible.
As shown more precisely for the branch F5, each branch associated with a displacement comprises a set of blocks, each block Bi comprising an encrypted geolocation Pi and a date Ti, which indicate that during displacement associated with this branch F5 the terminal TA was located at the position Pi at the instant Ti.
When the module for detection of displacements MDD detects that a journey is completed, for example, when the position of the terminal TA is detected unchanged over a predetermined period, the branch stops. If a new displacement is detected, a new branch is created.
The example in
In line with the particular data model described here, the branches associated with detected displacements of the terminal of a user constitute the principal skeleton of the sub-graph of a user.
In the embodiment described here, the sub-graph SGA can also comprise blocks comprising encrypted personal data DPDigActA of the user A acquired during digital activities performed by the terminal TA.
In the embodiment described here, the sub-graph SGA can also comprise blocks comprising encrypted personal data DP3rdPA of the user A acquired from third parties.
In the embodiment described here, a block comprising data associated with a digital activity or received from a third party on a given date is attached in the sub-graph SGA to a block comprising this date and the geolocation of the terminal TA on this date.
In this way, by way of example,
This sub-graph evolves dynamically, growing richer from the personal data of the user.
Highly advantageously, the sub-graph SGA of the blockchain comprising the personal data DPA of a user A ensures the immutability of the history of these data and their authenticity when they are validated by an external third party of trust.
As is known to the skilled person, to give the graph its probative value it is necessary, for example at regular intervals, to integrate therein data produced by an external third party of trust (for example another blockchain). For example, the terminals can transmit the hash of the last block of the graph to this third party of trust, the third party of trust produces information from this hash, and this information signed by the third party of trust is integrated into the graph.
In a particular embodiment, the history of the personal data of a user is attached by the server SDP for management of personal data to a dynamic non-fungible token.
For example, and as described later, in reference to
An embodiment of the invention is described hereinbelow in which the cryptographic datum specific to the user is a non-fungible token NFTA, the invention accordingly letting the user attach his history of personal data to his dynamic non-fungible token NFTA.
In a particular embodiment of the invention, the user A, owner of the dynamic non-fungible token NFTA can generate at least one second non-fungible token NFTA2 and associate a sub-graph of his sub-graph SGA to this second non-fungible token.
It is now assumed that the user A and the service provider SP have subscribed to the GES-CONT service for management of digital contracts and that they want to set up a digital contract AGECNA,SP intended to be executed by an instance ECNi of the digital trust environment ECN so as not to expose the personal data of the parties to the contract during execution of the contract.
It is assumed that the terminal TSP of the service provider SP has downloaded an application GEN-CONT for generation of a contract from the server SDP, compatible with that of the application APP downloaded by the terminal TA.
It is assumed that a user of the terminal SDP has used the application GEN-CONT to open an account with the server SDP for management of personal data to subscribe to the GES-CONT service for management of contract
Following opening of this account, a rewritable non-volatile memory MSP of the terminal TSP comprises, in this example:
In the embodiment described here, the service provider SP uses his application GEN-CONT to set up a contract proposal noted AGECN*A,SP. In the embodiment described here, the analyses to be performed on the data of the user, their frequency, the length of the contract, the format of the results, the rules of dissemination of the result are described explicitly in the contract proposal.
An example of contract proposal AGECN*A, SP is shown in
The encryption key KSSP encrypted with the public key KPUBECN is noted [KSSPECN].
When the terminal TA obtains this encrypted contract proposal, it verifies the signature SIGSP with the public key KPUBSP of the service provider SP.
If the user A of the terminal TA accepts the contract proposal, he inserts his encryption key KSA encrypted with the public key KPUBECN common to the instances ECNi of the digital trust environment, signs this proposal completed with his private key KPRIVA, and inserts his signature SIGA into the contract proposal to form the contract AGECNA, SP. The encryption key KSA encrypted with the public key KPUBECN is noted [KSAECN].
The contract AGECNA, SP formed in this way is shown in
In the embodiment described here, the contract AGECNA, SP is signed with the public keys KPUBA, KPUBSP of the parties A and SP to the contract, and with the public key KPUBECN common to all the instances ECNi of the digital trust environment. Each of the parties A and SP and any instance ECNi of the digital trust environment ECN can decrypt the contract by using its sole private key.
The execution of the contract by an instance of the digital trust environment is described in reference to
The invention can be transposed directly to other embodiments in which the cryptographic datum specific to the user is not a dynamic non-fungible token, especially when it is constituted by a public key of a digital wallet.
During a step E40, the user A of the terminal TA creates his account with the historical data service HIST of personal data provided by the server SDP. In the embodiment described here, to this effect the user A utilises a local application APP previously downloaded via his terminal TA from the server SDP for management of personal data, to obtain and register in the memory MA of the terminal TA:
These elements (identifiers, pair of keys, symmetric encryption key, unique identifier) are preferably generated by the terminal TA, for example by the local application APP.
They are preferably stored in a memory MA of the terminal TA.
During a step E42, the terminal TA integrates its confidential unique identifier IDA into the root block BRA of its structure of data SGA, and encrypts the root block BRA with its symmetric encryption key KSA. This block of encrypted data is noted H[BRAA]. An output hash H([BRAA]) of the root block is calculated by applying the hash function H to the block of encrypted data [BRAA].
During a step E43, the root block BRA is associated with a descriptor DESCRA of this block, also encrypted with the symmetric encryption key KSA of the terminal TA. This encrypted descriptor is noted [DESCRAA].
The descriptor DESCRA of the root block BRA is for example the chain of characters ‘Block root’. This descriptor lets anyone who has the symmetric encryption key KSA to find the root block BRA of the structure of data of the user A.
The choice of the descriptor can be any. But in a preferred embodiment of the invention the choice of the descriptor is defined in the preset data model. This model contains for example a convention on the descriptors to be used.
In the embodiment described here the root block comprises no hash connecting it to one or more previous blocks of data.
During a step E44, the encrypted root block [BRAA] is stored in the local databases BDA of the terminal TA in association with its encrypted descriptor [DESCRAA]. The encrypted root block [BRA], and its associated encrypted descriptor [DESCRAA] are sent to the server SDP when a connection network is available. They are recorded in the general database BDC and the encrypted root block [BRA] is synchronised with the general graph GC.
During a step E45, the terminal TA transmits the hash H([BRAA]) output of the root block BRA of its graph SGA to the server SDP for management of personal data.
During a step E46, the server SDP for management of personal data creates a dynamic non-fungible token NFTA whereof it accords ownership to the user A and it associates the output hash H([BRAA]) of the root block to this non-fungible token NFTA.
It is clear that the output hash H([BRAA]) cannot be found in the different encrypted blocks and therefore cannot be associated with the data of the user A other than to keep the symmetric encryption key KSA of this user.
As mentioned previously, these personal data DPA can be timestamped personal data DPGEOA of geolocation of the terminal TA, acquired during detected displacements of the terminal TA, for example during mobility activities (walking, biking, running, car travel, . . . ). Such data comprise for example GPS positions Pi−1, Pi, Pi+1 at successive instants Ti−1, Ti, Ti+1 of the terminal TA during displacement.
As mentioned previously, these personal data DPA can be personal data DPDigActA corresponding to digital activities performed on the terminal TA, for example the taking of a photograph or a video, a message exchange, an interaction with an application of the terminal TA.
As mentioned previously, these personal data DPA can be personal data DP3rdPA acquired from third parties, for example an administrative service, a bank, insurance, a business, . . .
In the embodiment described here the personal data DPA of the user A are integrated automatically into the history of the user as soon as they are detected by the terminal TA. As a variant, at least some data are integrated only on express authorisation of the user on his terminal.
It is assumed that during a step E50 the terminal TA detects a personal datum DPA to be integrated into the history of the personal data of the user A.
During a step E52, the personal datum DPA is integrated into a block Bi of the graph SGA, the position of this block in the graph being defined by a preset data model.
As described previously in reference to
The terminal TA encrypts the block Bi with its symmetric encryption key KSA. This block of encrypted data is noted [BiA]. An output hash H([BiA]) of the block Bi is calculated by applying the hash function H to the block of encrypted data [BiA].
During a step E54, the encrypted block Bi is associated with a descriptor DESCi of this block, for example selected in keeping with the convention of the preset data model. This descriptor DESCi is also encrypted with the symmetric encryption key KSA of the terminal TA. This encrypted descriptor is noted [DESCiA].
For example:
During a step E56, the block of encrypted data [BiA] is stored in the local databases BDA of the terminal TA in association with the encrypted descriptor [DESCiA]. The block of encrypted data [BiA], associated with the encrypted descriptor [DESCiA] is synchronised with the general graph GC when a network connection is available.
It is evident that the entire graph SGA representative of the history of the personal data of the user A does not have to be stored permanently on the terminal TA. Regular updating of a collection of blocks in the local database BDA of the terminal TA can be defined for example by the data model and by the current state of the graph. The strategy of conservation of a partial history on the terminal TA can depend on functional choices (data necessary for functioning and constitution of a non-repudiable history) and performance (latency access blocks in the local database vs. online access).
The constitution and consultation of the history of personal data DPA by the terminal TA can be done asynchronously, off-network, and be resynchronised without degradation of the functionalities and security of the solution.
Inversely, access to a block of data Bi is done from the associated descriptor DESCi. It can be assumed that user A wants to consult the blocks associated with a descriptor DESCi, for example constituted by the chain of characters ‘2021 Jun. 4∥By car. During a step E60, the user selects a descriptor in keeping with the convention of the preset data model. During a step E62, this descriptor DESCi is encrypted with the symmetric key KSA of the user to produce an encrypted descriptor [DESCiA].
During a step E64, the encrypted blocks [BiA] corresponding to the encrypted descriptor [DESCiA] are identified.
During a step E66, the encrypted blocks [BiA] identified with the preceding step (E64) are decrypted with the symmetric key KSA of the terminal TA to produce the decrypted blocks Bi.
According to the needs of the user, the content of the decrypted blocks Bi can be presented to the user A during a step E68. The graph SGA of personal data DPA can be reconstituted by using the hierarchy (father-son links) between the blocks of the graph SGA, this hierarchy able to be deduced from the hashes contained in the blocks of data.
It is noted that the structure of the sub-graph SGA can appear before or advantageously after decryption of the personal data DPA.
The entire graph SGA can be verified by the terminal TA.
In the embodiment described here, during a general step E700, the server SDP for management of personal data manages a set of instances ECNi, ECNj of the digital trust environment cloned together. As described previously, these instances all comprise the same module EXEC-CONT for executing a contract and the same pair of public key KPUBECN, private key KPRIVECN. In the embodiment described here instances are created or destroyed as a function of the number of contracts recorded in the general graph GC.
During a step E70, the party SP prepares a contract proposal AGECN*A, SP between party SP and party A.
This contract proposal AGECN*A, SP comprises, as shown in
ECN and/or a code CODE executable by this instance ECNi to perform analyses on personal data DPA of A;
During a step E71, the party SP signs the contract proposal AGECN*A, SP with its private key KPRIVSP. This signature is noted SIGSP.
During a step E72, the party SP transmits the contract proposal AGECN*A, SP and the signature SIGSP to the party A.
If the party A accepts the contract proposal AGECN*A, SP, during a step E73, the terminal TA signs the contract proposal AGECN*A, SP, with the private key KPRIVA of A. This signature is noted SIGA.
During a step E74, the terminal TA inserts this signature SIGA into the contract proposal AGECN*A, SP as well as its public KPUBA encrypted with the public key KPUBECN common to the different instances ECNi of the digital trust environment. The public key KPUBA encrypted with the public key KPUBECN is noted [KPUBAECN].
The contract proposal AGECN*A, SP initiated by the party SP and accordingly accepted by the party A can then be qualified by contract AGECNA, SP formed between the parties A and SP. During a step E75, the contract AGECNA, SP comprising the two signatures SIGSP, SIGA is encrypted asymmetrically with the public keys KPUBA, KPUBSP of the parties A and SP and with the public key KPUBECN common to the different instances ECNi of the digital trust environment. The contract encrypted in this way is noted [AGECNA, SP].
During a step E76, the contract AGECNA, SP is associated with a descriptor DESCECNA, SP, for example the chain of characters ‘Contract between A and SP’. This descriptor DESCECNA, SP is encrypted with the public keys KPUBA, KPUBSP of the parties A, SP and with the public key KPUBECN common to the different instances ECNi of the digital trust environment. The descriptor encrypted in this way is noted [DESCECNA, SP].
Each of the parties A and SP and any instance ECNi of the digital trust environment ECN can therefore decrypt the contract by using its sole private key KPRIVA, KPRIVSP, KPRIVECN.
During a step E78, the encrypted contract [AGECNA, SP] and its encrypted descriptor [DESCECNA, SP] are integrated into the graph SGA of the user A and the general graph GC. The encrypted contract [AGECNA, SP] is indistinguishable in the general graph GC.
In the embodiment described here, the server SP is notified (E79) that the encrypted contract [AGECNA, SP] is available in the general graph GC and that this contract has been incorporated into the graph SGSP of this server.
As mentioned previously, the encrypted contracts are recorded in the graphs SGA, SGSP of the users A, SP, . . . and in the general graph GC.
In an embodiment of the invention, it is the users who verify whether contracts appear in their graph SGA, SGSP or in the general graph GC. For this, and as described previously in reference to
As a variant, it is the instances ECNi of the digital trust environment which make these verifications in the general graph GC.
During a step E80 which is repeated for example at regular intervals, the terminal TA searches, from their descriptors, for encrypted contracts [AG] appearing in its graph SGA or in the general graph GC.
If the terminal TA identifies an encrypted contract [AGECNA, SP], it deciphers it with its private key KPRIVA during a step E81.
During a step E82, the terminal TA determines from the start date DD of the contract, the finish date DF of the contract and the periodicity PER of the contract whether execution of the contract is scheduled. If this is the case, the terminal TA notifies this at an instance ECNi of the digital trust environment during a step E83. During a step E84, this one instance ECNi of the digital trust environment obtains the encrypted contract [AGECNA, SP] and decrypts it with its private key KPRIVECN.
As described previously in reference to
During a step E85, the instance ECNi decrypts the encryption keys encrypted with its private key KPRIVECN, and obtains the encryption keys KSA, KSSP of each of the parties.
The contract is executed by the instance ECNi of the digital trust environment according to the terms of the contract.
During a step E86, the instance ECNi determines from the description DDP which of the personal data of the parties the analysis must focus on, then performs its analysis by interpreting the interpretable literal description DLII or by executing the code CODE included in the contract. During this analysis, the personal data of the necessary parties are decrypted by the instance ECNi with the symmetric encryption keys of the parties.
By following the parentage links defined by the hashes of the blockchain for the sub-graph of a party, the instance ECNi can verify whether the cryptographic datum specific to a user, for example the non-fungible token NFTA associated with the root block BRA of the sub-graph SGA belongs to the user A (for example associated with the public key KPUBA of the user A in a database) and reconstitute the entirety of the history of the personal data of this party and perform analysis on the personal data targeted by the description DDP.
During a step E87, the instance ECNi formats the result RES of the analysis according to the format FORM defined in the contract. It encrypts this result with the public keys KPUBA, KPUBSP of the parties A, SP. The result encrypted in this way is noted [RES].
During a step E88, the result RES is associated with a descriptor DESCRES, for example the chain of characters ‘Result of execution of the Contract between A and SP’. This descriptor DESCRES is encrypted with the public keys KPUBA, KPUSP of the parties A, SP. The descriptor encrypted in this way is noted [DESCRES].
During a step E89, the encrypted result [RES] and its encrypted descriptor [DESCRES] are integrated into the general graph GC and synchronised with the sub-graphs SGA, SGSP of the parties to the contract, and the terminals of the parties are notified.
As described previously in reference to
The read-only memory 11 constitutes a recording medium in keeping with an exemplary embodiment of the invention, legible by the processor 10 and on which a first computer program P1 is recorded in keeping with an exemplary embodiment of the invention. As a variant, the first computer program P1 is stored in the rewritable non-volatile memory 12.
The first computer program P1 allows the terminal to carry out a process for constitution of a history of personal data in keeping with the invention.
The read-only memory 21 constitutes a recording medium in keeping with an exemplary embodiment of the invention, legible by the processor 20 and on which a second computer program P2 is recorded in keeping with an exemplary embodiment of the invention. As a variant, the second computer program P2 is stored in the rewritable non-volatile memory 12.
The second computer program P2 lets the server for management of personal data carry out a process for management of personal data of a plurality of users in keeping with the invention.
Number | Date | Country | Kind |
---|---|---|---|
FR2203641 | Apr 2022 | FR | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/FR2023/050465 | 3/31/2023 | WO |