Here, the word “data” encompasses a spectrum ranging from the analog signal to the structured shaping of digital data in the form of information or of directives. The distinctive criterion of the present invention, for its operation, is that this datum is conveyed or preserved within a framework, considered to be the container, which takes the form of a computing or communication protocol.
It may involve static data on their support, as long as access thereto, the integrity thereof or the implementation thereof depend as a prerequisite on a protocol.
Hereinafter the term “file” will connote a document or a computer program, an executable, a software entity, a virtual entity such as a virtual application.
The use of data in the case of a communication can occur for example upon an indication of site of presence via an electronic module situated in a transport vehicle or automatically by way of telecommunications via a central switchboard. The term dialog relates as much to an exchange on the conscious initiative of a person, as to one performed by one of his items of equipment, with or without express consent or compulsory relationship of ownership.
Hereinafter, the term “mail” will connote a message, a dispatching of a file or documents, a telephone call, a visit made by way of telecommunications, and more generally any form of stream, of sending or any form of exchange by linkup or connection.
Hereinafter, the term “author” will connote the sender of this mail. In the case of a passive component such as an RFID tag, the author will be the tag and its bearer, and not the module that created an electromagnetic field. In the case of communicating objects furnished with an identity, the author may be for example a sensor transmitting a signal, as well as its custodian or its bearer. In the case of a static computer file, the term author will be able to encompass, in addition to what or whoever designed it, what or whoever is the custodian, the depository or the manager thereof at the instant concerned.
The hardware support of the mail may be a communication network, notably a telecommunications or telebroadcasting network, as well as mobile physical means such as a USB key, a chip card or magnetic card, a disk, a badge, a ticket such as a subway ticket, a contact or contactless pass such as a transport card. As communicating objects become more commonplace, this field will be broadened to an infinity of supports that are less discernable in their contours but characterized by like functions and using computing or communication protocols.
The recipient object may be a support or a telecommunications or telebroadcasting terminal, and more generally any item of computing or electronic equipment able to participate in information distribution. Involving, as it does, the recipient of a mobile support for mail, this may be a computing machine furnished with sockets such as USB, a portable telephone, a digital assistant or diary, a card reader or disk reader, an automatic dispenser such as for banknotes, an access antechamber or else an identification module, by way of examples.
The invention structures and supports an interplay with several actors, among which are the author, the recipients and so-called anonymization authorities. This interplay is deployed around a distinctive and characteristic sign inserted into the computing or communication protocol.
It can take the form of a triple device:
- on the one hand this marking by a characteristic sign, a so-called stamp, inserted for purposes of distinctiveness, of recognition, as well as transmission of directive or of information. This plurifunctional stamp, placed at the level of the computing or communication protocols, will serve, for a recipient, as information per se or as means for obtaining complementary information via the anonymization authority, optionally supplemented with a suitable device acting as cryptographic protocol for controlling access to instructions;
- on the other hand for partitioning and channeling the data or actors;
- the third device is to do with the fact that the stamp takes the form of a variable cryptonym, which can itself be linked on the one hand with an invariable and stable pseudonym, on the other hand with what will be termed polynyms, in a particular acceptation.
The present invention modifies, recomposes and broadens devices expressed in patent application FR 2 932 043 pertaining to a method of tracing and of resurgence of pseudonymized streams on communication networks, and method of sending information streams which is able to secure the data traffic and its addressees.
To this end, the invention relies notably in part on the system of distinctive and characteristic marking, inserted at the level of the protocol, and furnished with functional properties, such as described in patent application FR 2 932 043.
This characteristic sign is called a stamp, by analogy with the affixing of a stamped label in the guise of signature which personalizes but also in the guise of brand mark which modifies, signals and serves as exterior referencing sign. This term of marking, which also encompasses possible encapsulation, covers an operative mode consisting of an addition, a curtailment or a characteristic modification, on a protocol, while complying with the standard of this protocol. By way of examples, this may involve the tagging or watermarking of an IP packet, a steganographic marking or else the use of an additional protocol. This stamp takes on several statuses:
- distinctive sign, on its reception or its observation by a third actor;
- recognition sign, during subsequent or parallel exchanges.
This dual status makes it possible, via the interplay of actors required to manipulate and interpret these stamps, to allocate them functionalities.
The general properties which stem therefrom for this system are:
- functional;
- cryptonymic, in the guise of an author's stamped label affixed in a protocol, which designates it and identifies it, if necessary without naming it other than by an arbitrary convention.
To obtain the knowledge of the functions and of certain identity attributes concerned, it is necessary to liaise with an anonymization authority, whose informant role renders these two properties operative. The main joint usage of the functional and cryptonymic arrangements consists of a prohibition in relation to reading the identity of an author of a mail, such as it appears otherwise in the remainder of the protocol. This done, the device culminates in a masking stamp for this identity.
A second refinement with respect to the stamp of the protocol consists in varying its effects, in several ways:
- It may involve simultaneously using, for one and the same author, several stamps, activatable by choice or according to defined usage charters that can be updated if necessary.
- Another way to vary the effects will consist in predefining them as a function of each interlocutor cataloged in advance.
A third refinement is to do with the fact that the number of stamps in a given protocol is no longer envisaged as a compulsory singular. Several of these distinctive signs will be possible simultaneously in a mail or a file, either for independent uses or users, or to create between these signs bonds, respective sureties, or one-off filiations. It also becomes conceivable that their presence, as much as for example their respective spatial arrangement, are bearers of an additional meaning, interpretable by all the recipients or only some, assisted or not on this occasion by the anonymization authority.
A fourth refinement with respect to the stamp of the protocol is to do with the fact that now not only communication protocols, but also protocols assigned to static data are concerned.
The anonymization authority serves as interface with the author, by allotting the stamp systems thereto, by agreeing on the meaning and the equivalence of these stamps as directives, information or values. It also agrees, with and for it, on a stable pseudonym related to the successive cryptonyms, namely these stamps, and by knowing it by its real identity. It will manage another masking of real identity, by means of polynyms.
With respect to the so-called anonymization authority, already mentioned in patent application FR 2 932 043, the present invention affords an upgrade consisting of the existence of several anonymization entities instead of just one, as well as the expression of preferences emanating from their users.
The term anonymization is employed with regard to the authority in view of the fact that the stamp that it grants functions as a cryptonym. In a particular configuration of the method according to the invention, the cryptonym generally being variable, tied to a generally invariable pseudonym, will find a broadening of its applications, in that, while unburdening the central recipient of certain knowledge such as the real identity of the author, it nonetheless safeguards in its favor an optional possibility of capitalizing on anonymized knowledge about the author, if the latter accepts it. Knowledge via the anonymization authority vouching for the author and for the particular features thereof, and capitalization attributed either to the pseudonym tied to the cryptonym inserted into the protocol of the stream, or according to the same principle to the polynyms tied to the cryptonyms.
In consequence of its refinements in regard to partitioning and channeling, the invention intentionally causes a partial or total ignorance, or an inability of access, in relation to identity elements. This partitioning logic radiates over the management of the identities. The present method can be described as a system for partitioning at one and the same time entities and identities.
A physical extension would be hardware tagging, watermarking or any form of naming of a support that could be objects, matter or real beings, for purposes of recognition, of validation of right or of status, of valorization, of membership or of dependency, of bond, of identification or of authentication without revealing an actual identity and as substitute for the latter. These postings and taggings of polynyms, of pseudonyms or of cryptonyms may merely preserve just one of their sub-parts, or other derivatives resorting for example to a coding.
The method according to the invention may be the bedrock of an anonymization or of a pseudonymization of the fledgling sphere of communicating objects. By supplementing with an additional anonymization layer, it concocts an original economic model, affording the user a guarantee of additional confidentiality, the absence of which appears to be an obstacle to the commercial flourishing of these communicating objects. It puts in place a screen between for example a so-called naming authority, perceived as omnipotent and omniscient, and a custodian of such objects desirous of his digital privacy. The fact of adding an additional layer where each actor will have one or more brand marks, also allows one or more dedicated registers of object addresses to be opened for him, and this will correspondingly diminish the number of distributable addresses. The rarity of such addresses constitutes an obstacle to the flourishing of communicating objects.
Accordingly, said additional anonymization layer will rely on what will be called a system of polynyms, in a wider acceptation than that usually admitted:
- a polynym may be one and the same cryptonym granted, simultaneously or subsequently, to several authors, or to communicating objects of these authors.
- In reverse, an author will be able to have a plurality of cryptonyms that can be tied to different polynyms.
A first benefit of such a device according to the invention is to create a fuzziness zone which protects the authors' digital space, spread over a multitude of hardware supports. Wholly by relying on the cryptonym-forming stamp, inserted into the computing or communication protocols, the present invention deploys a mechanism where a recipient will no longer be able to know whether such stamp covers a single author nor whether the latter is covered only by a single stamp. This results in a greatly reduced possibility of traceability, of historicization or of profiling. Such aspect takes on great importance when too many of our communicating objects transmit complementary information about us, regarding our purchases, our movements or our domestic habits.
A second benefit is to do with the fact that the cryptonym, the central function of which in patent application FR 2 932 043 is to substitute itself functionally for the author's telecommunications identity, takes on moreover the role of a sort of prefix to the container, namely the protocol, i.e. to all or part of the content. In so doing, it extends the authorized length of the total message. This length is sometimes constrained to great brevity by the technical standards in use, which correspondingly reduces the total number of variant expressions. This situation is present in the debate on the possible transition of the identifications and addresses of the packets of the IP protocol from IPv4 (32-bit addresses) to IPv6 (128-bit addresses), where the argument of the rarity of the IPv4 identities is recurrent. Intended to overcome this dilemma, the cryptonym is here at one and the same time a multiplier of identities as much as an identity scrambler.
The remaining part of the protocol which indicates the real identity of the author may if necessary be prohibited functionally from access, as is the case in patent application FR 2 932 043, or toned down or curtailed by an intermediate entity, for example the anonymization authority. The latter will thereafter cause the mail to pursue its course up to the naming authority or other recipient. The utility of this intermediation lies in the fact that the anonymization authority will be able to benefit from greater confidence on the part of the users, or indeed be created by them, by groupings of enterprises or individuals, or be placed under the control of elected representatives who do not come under other geographical jurisdictions.
What is said of a naming authority could relate to any other end addressee, just as the illustration of the method by communicating objects merely designates the main potential market for this aspect of the invention. Other applications or entities could thus be concerned, like the example of systems for electronic voting, for on-line surveys, for consumer tests, for televised audience measurement, and cataloging and inventory systems. Uses may arise in regard to archiving, indexing and classifying of data, of stock, since the principle of the polynym amounts to a tree which can be chosen not only according to criteria of privacy and invisibility but conversely of formalization of visible typologies. Combining anonymization with logical classification still remains possible. The polynym may equally well be random and masking as rational and indicative, or a blend of these items.
The use hereinabove of the term “prefix”, in regard to a cryptonym inserted into a protocol, is not a universal description: this prime position refers to the content of the mail or of the file, but it can vary in terms of uniqueness, or spatially with respect to the remainder of the container, notably if the objective is not to anonymize an author. In the latter case, a notion of suffix or any form of characteristic marking may suit. This may be pictured as involving extending either the roots, the trunk or the branches of a tree, viz. the protocol. Several simultaneous extensions are a conceivable option.
This principle of extension finds a variant not relying on the addition of characters, but on modifications in the initial protocol which culminate in the same result of increasing the possible variants, pictured like a cryptonym which would permute characters previously present in the protocol in favor of characters unpublished up till then.
In the simplest device, the anonymization authority will be able to grant such an author one or more cryptonyms-prefixes, that will be inserted into the protocols when dispatching some of the communicating objects thereof. Simultaneously or subsequently, it will grant this or these same cryptonyms-prefixes to other authors for various of their own objects. The constraint is then that these prefixes are not followed or surrounded by identical strings of identification characters, which would result overall in duplicates.
This results in the creation of a proprietor described as virtual, who will appear as sole appointed custodian of these diverse objects.
The number of polynyms, which is no longer related to the substantiated number of authors and which can be reduced according to the nature, the position and the length permitted to the cryptonym, defines the number of virtual proprietors that can be created.
Regarding privacy, the anonymization authority will advantageously be able to serve as intermediary between a naming authority and authors such as are web surfers or communicating objects. This anonymization authority multiplying up the virtual proprietors, for the convenience of authors and users, will invert the objects of several real proprietors, will redistribute their objects to several virtual proprietors, will aggregate the objects of several real proprietors on a single virtual proprietor, while managing the obligation that this prefix is not surrounded twice by the same string of characters. It will be able to undertake permutations over time, where such an object firstly tied to such a virtual proprietor is thereafter tied to another. It will be able, in its scrambling capacity and according to an expedient of decoy or of placebo type by analogy with the medical sector, to create virtual proprietors corresponding only to objects invented for the circumstance. A polynym will be able to cover zero, one or more genuine persons; a person will be able to have zero, one or more polynyms. It will be possible for there to be fake persons and fake objects.
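The register operations described above (aggregation, redistribution, permutation over time, decoys, and the rule that a prefix is never followed twice by the same identification string) can be modelled as follows. This is an added illustration, not code from the patent; the class and method names, the `prefix:object_id` notation and the sample proprietors and objects are assumptions made for the example.

```python
import secrets
from collections import defaultdict


class AnonymizationAuthority:
    """Toy polynym register kept by the authority (hypothetical model)."""

    def __init__(self):
        self._issued = {}    # (prefix, object_id) -> real proprietor, or None for a decoy
        self._current = {}   # (real proprietor, object_id) -> prefix currently in force

    def new_polynym(self):
        """Draw a random, non-indicative cryptonym prefix."""
        return secrets.token_hex(4)

    def _reserve(self, prefix, object_id, proprietor):
        key = (prefix, object_id)
        if key in self._issued:
            # Constraint from the text: the same prefix must never be
            # followed twice by the same identification string.
            raise ValueError(f"duplicate identity {prefix}:{object_id}")
        self._issued[key] = proprietor
        return f"{prefix}:{object_id}"

    def assign(self, prefix, proprietor, object_id):
        """Bind a real object to a virtual proprietor, replacing any earlier binding."""
        stamped = self._reserve(prefix, object_id, proprietor)
        old = self._current.get((proprietor, object_id))
        if old is not None:
            del self._issued[(old, object_id)]   # permutation over time
        self._current[(proprietor, object_id)] = prefix
        return stamped

    def add_decoy(self, prefix, object_id):
        """Register an invented object that belongs to nobody."""
        return self._reserve(prefix, object_id, None)

    def recipient_view(self):
        """What a naming authority observes: virtual proprietors and their objects."""
        view = defaultdict(list)
        for prefix, object_id in self._issued:
            view[prefix].append(object_id)
        return {p: sorted(ids) for p, ids in view.items()}

    def resolve(self, stamped):
        """Authority-only lookup from a stamped identity to the real proprietor."""
        prefix, object_id = stamped.split(":", 1)
        return self._issued[(prefix, object_id)]


def demo():
    aa = AnonymizationAuthority()
    # Constructed sample data; fixed prefixes are used instead of
    # new_polynym() so the result is reproducible.
    aa.assign("vpA", "alice", "thermostat-01")
    aa.assign("vpA", "bob", "car-07")        # aggregation: one polynym, two real owners
    aa.assign("vpB", "alice", "fridge-02")   # redistribution: one owner, two polynyms
    aa.add_decoy("vpB", "lamp-99")           # decoy: object invented for the circumstance
    aa.assign("vpB", "bob", "car-07")        # permutation: car-07 moves from vpA to vpB
    return aa
```

After `demo()`, the recipient view shows `vpB` holding three objects that in fact belong to two real proprietors and to nobody, while only `resolve()` on the authority side can tell them apart.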
Acting as usefully opaque intermediary between users and a naming authority, the anonymization authority would afford a response to the recurrent anxieties born of the practices, of the weight, of the nationality or indeed of the operating opacity of certain naming authorities. Opposed to this operating opacity would be an opacity of usage and of membership. Such object which one day would appear to be related to such virtual proprietor, would the day after be related to another, with no facility to trace same, and without being able to ascertain the exact confines of the patrimony of a given real proprietor.
The distinctive sign inserted into a protocol sees, in the present invention, the variety of these uses broadened. The variable cryptonym may still remain associated with an invariable pseudonym in relation to certain interlocutors, while it will take on a masking and multiplying polynym function in relation to other interlocutors such as a naming authority.
The subject of the invention is therefore a method of checking and protecting data and identities within a communication or computing process between at least one author and at least one recipient, characterized in that said method comprises at least:
- A step of allocation by an anonymization authority (4) of one and the same stamp forming a cryptonymic marking, to one or to several different authors and to their objects furnished moreover with an arbitrary identity;
- A step of inserting said stamp into the communication or computing protocol associated with the data stream, by means of a stamp system, the protocol containing the identity of said author or of said object of the author or authors, and each author being able moreover to simultaneously have a plurality of different cryptonyms;
- A step of reading, at at least one recipient, of said protocol by means of a reading system able to detect the presence of said stamp.
The stamp is for example a distinctive sign of recognition, a cryptonymic marking, a correspondence of identities or a polynym. This polynym is a cryptonym grantable to one or to several authors and to their objects, each author simultaneously having a plurality of cryptonyms corresponding to different polynyms.
The method uses for example a mechanism which partitions, discriminates, splits up and renders autonomous, masks, unmarks or scrambles certain subjects, certain data and certain objects, certain identities or identity coupons relating to one and the same process.
This same mechanism can also be used to channel and distribute, compose, create relationships, aggregate, demask or re-mark, certain subjects, certain data and certain objects, certain identities or identity coupons relating to one and the same process.
The stamp inserted into a protocol serves for example as extender or as modifier for an arbitrary identity present in the protocol, and allocated to a physical entity such as an object, a computing entity such as a file, a communication stream, or a virtual entity such as an avatar, as well as optionally to the author, custodian or sender thereof.
In a particular case, the cryptonym-forming stamp, inserted into a computing or communication protocol, can serve as gateway to a pseudonym. It can also serve as root common to diverse identities unified by it in a single register of polynym type.
In another particular case where the stamp is inserted into a plurality of protocols pertaining to one or more actual identities, it serves for example as common referent to create a unifier register of arbitrary identities allocated to objects, streams, files or avatars pertaining to said actual identity or identities.
In a particular implementation, the anonymization authority or the author allocates, withdraws and changes the stamps corresponding to polynyms, so as to operate permutations and redistributions within the unifier registers of arbitrary identities.
One and the same author has for example a plurality of different stamps corresponding to as many polynyms, in an exclusive manner or shared with other authors.
Several stamps, similar or different, are simultaneously possible in a mail or a file, either for independent uses or users, or to create between these signs bonds, respective sureties, or one-off filiations.
One and the same author has for example several stamps simultaneously within one and the same computing or communication protocol.
The anonymization authority transmits for example to the recipient the correspondence between such stamp corresponding to a polynym, received by the recipient, and functional directives.
In a case where the stamp corresponds to a polynym, allowing the issuing of functional directives on the part of the anonymization authority, the functional directives are, in relation to a recipient, a prohibition of access, of reading, of storage or of processing in relation to parts of the protocol or of the content of the marked stream of said stamp.
The stamp inserted into a computing or communication protocol brings about for example the unmarking, on this protocol, of the actual identity of its author or custodian, either on account of the functional role thereof of prohibition of acquisition of knowledge, or via an anonymization authority placed as intermediary with respect to the recipient and undertaking the unmarking.
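The insert, read and directive steps, together with the two unmarking variants just described, can be sketched as below. This is an added illustration, not code from the patent; the dictionary packet model, the `x-stamp` option name, the stamp values, the directive table and the fail-closed handling of unknown stamps are all assumptions of the example.

```python
STAMP_OPTION = "x-stamp"   # hypothetical option name carrying the stamp

# Constructed directive table held by the anonymization authority:
# stamp -> protocol fields the recipient is prohibited from reading.
DIRECTIVES = {
    "7f3a": {"src"},
    "c41e": {"src", "payload"},
}

# Constructed sample packet (documentation address ranges).
SAMPLE_PACKET = {
    "src": "192.0.2.10",
    "dst": "198.51.100.5",
    "options": [],
    "payload": "temp=21.5",
}


def insert_stamp(packet, stamp):
    """Author side: add the stamp as an extra option, leaving other fields intact."""
    stamped = dict(packet)
    stamped["options"] = list(packet.get("options", [])) + [(STAMP_OPTION, stamp)]
    return stamped


def find_stamps(packet):
    """Reading system: return every stamp present (several may coexist)."""
    return [value for name, value in packet.get("options", []) if name == STAMP_OPTION]


def prohibited_fields(stamps, directives=DIRECTIVES):
    """Authority lookup: union of the prohibitions attached to each stamp."""
    fields = set()
    for stamp in stamps:
        # Unknown stamp: hide the identity anyway (fail closed, example's choice).
        fields |= directives.get(stamp, {"src"})
    return fields


def recipient_read(packet):
    """Recipient side: expose only what the stamps' directives allow."""
    blocked = prohibited_fields(find_stamps(packet))
    return {k: ("<withheld>" if k in blocked else v) for k, v in packet.items()}


def authority_forward(packet):
    """Intermediary variant: the authority removes the identity before forwarding."""
    if not find_stamps(packet):
        return packet
    forwarded = dict(packet)
    forwarded["src"] = None
    return forwarded
```

In the first variant the identity is still on the wire and its protection depends on the recipient honouring the directive; in the second the recipient never receives it.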
In a particular mode of implementation, the anonymization authority, assisted or deputized for by a suitable device, optionally transmits the correspondence between such cryptonym, such pseudonym or such entity referenced under a polynym, and on the other hand behavioral, situational information or information pertaining to the past or to the profile of this author, for the purposes of characterizing same without necessarily transmitting either the actual identity thereof or another of the pseudonyms thereof.