FR3003978A1 - METHOD FOR MANAGING CONFIDENTIAL DATA, ASSOCIATED SYSTEM AND COMPUTER PROGRAM - Google Patents

Abstract

A method and system for managing confidential data for the purpose of relieving a user (20) of daily and tedious storage of a wide variety of confidential or complex (CDi) data. The system comprises a device (1) implementing said method and cooperating with a plurality of tags (2, 2a, 3) whose respective identifier are associated with said confidential data. The restitution of said data is performed safely and simply by the device (1).

Description

The invention relates to the management of confidential data made available to each of us for which we have the responsibility and responsibility in professional or personal contexts.

We have to memorize daily a growing number of confidential data of all kinds (identifiers associated with secrets to access the Internet or an intranet, associated bank account IDs and passwords, activation codes 10 or disabling alarms, access codes or keys reserved for buildings or services, opening codes on one or more computers, personal identification codes for smartphones, etc.). To respond to this multiplication of confidential information, each uses more or less sophisticated or even artisanal techniques often to the detriment of the security or confidentiality of said information or confidential data. For example, some use a minimum of 20 distinct secrets to reduce the mental gymnastics needed to memorize them. The main disadvantage of such an approach is to maximize the vulnerability of a large number of services or access as soon as the knowledge of one of the secrets has been revealed by chance to a malicious third party. Others write in full on a booklet the different identifiers, addresses and other secret codes or secret keys. Such a booklet can unfortunately be lost or stolen with the resulting consequences. Others still use shared memory space (known as "cloud") to share this knowledge base with other people or simply to view the list of confidential data on different interactive devices (smartphones, tablets, computers, etc.) without this fundamentally changing the vulnerability of confidential data.

Other solutions less artisanal and operated by professionals offer services for which the knowledge and the memorization of all or part of the confidential data are replaced by the exploitation of temporary secrets elaborated by the operators of this type of services. We must rely on these operators with confidence. In addition, the great complexity of the secret values generated generally associated with their respective short durabilities finally complicates the management of confidential data. This type of service generally and essentially addresses the generation of temporary secret codes and not the set of confidential data as defined above. Other approaches include deporting knowledge of confidential data to trusted entities that respond to requests for access or authentication. However, these solutions remain unsuitable for handling certain confidential data and can raise a lot of reluctance regarding the neutrality and probity of the entity to which the knowledge of confidential data is delegated. However, everyday, it is not always possible to operate this type of service. For example, there are no simple, responsive and secure solutions to recover for example the knowledge of the personal identification number of his credit card in front of a cashier operator of a shopping center if our memory is suddenly missing. The invention makes it possible to meet the great majority of the disadvantages raised by the known solutions. Among the many advantages provided by the invention, we can mention that the solution is perfectly exploitable by the largest number of users. It is particularly intuitive, does not require any technical knowledge for the users and offers very wide possibilities of management and restitution of the confidential data. The invention makes use of the features offered off and already by many communicating devices (mobile phones for example) as well as those provided by graphic labels (printed or even displayed) or electronic labels which we will hereinafter call globally 15 tags. Confidential data can be rendered by any available man-machine interfaces (eg screens, speakers). Knowledge of certain confidential data may be shared with trusted third parties (friends, relatives, 20 employees, etc.) or contact lists. The invention also makes it possible to simply manage the modification of a confidential data item or even its possible sharing without these operations being complex for the user or for the persons of confidence benefiting from a sharing of data knowledge. Moreover, the solution is very economical. It does not require any prohibitive investment for users or operators. It is also very safe and robust to the main attacks or risks of life: burglary, theft of equipment in particular. According to alternative embodiments, the invention makes it possible to save a knowledge base of confidential data and to share it (or to synchronize it) between different devices. Such a base can also be loaded onto new equipment without this requiring time-consuming actions for the user. For this purpose, a method for managing confidential data is provided, a method implemented by a processing unit of an electronic device which furthermore comprises means for storing means for reading information from a device. tag and means for restoring the value of a data, said memory means and said means for reading and reproducing cooperating with the processing unit. In order to meet the disadvantages of the known solutions, the method comprises: a step for reading an identifier of a tag located within reading range of the device; a step for searching, within a given data structure and stored in the storage means, a record including a first field whose content designates the identifier of the tag; if such a record has been found: o a step for reading a second field of said record whose content designates a confidential datum previously associated with said identifier of the tag; a step for restoring the value of said confidential data designated by said second field of the recording. To allow association between a tag and confidential data, such a method may comprise a first prior step for associating an identifier of a tag with confidential data, said step comprising: a step for reading an identifier of a tag located within reading range of the device; a step for creating or updating a record in the given data structure, said record comprising first and second fields whose respective contents designate the identifier of the tag and the confidential data associated therewith. According to a first embodiment, the means for restoring the device may consist of a man-machine interface arranged so that the value of the confidential data is perceptible by a user of the device, for which the step for restoring triggers said human-machine interface. machine for delivering said value of the confidential data to said user. To share the knowledge of confidential data with a trusted third party, the preliminary step of creating or updating a record 20 may further include a step of adding to the record a third field designating the identifier of a third party. trusted third party with which the knowledge of the value of the confidential data designated by one of the fields of the record is shared. According to this advantageous embodiment, the means for rendering the device consisting of means for elaborating a message comprising the value of a piece of data and sending said message to a third party, the method may comprise - if a recording has been found at the end of the step to search for a record in the given data structure - a step to read the field strength of said record designating a trusted third party. The step 35 for restoring can then trigger said means to restore to develop and then issue a message with the value of the confidential data to the trusted third respectively designated by the first and second fields of the record.

To preserve the confidentiality of a data item before returning the value, the preliminary step of creating or updating a record to associate an identifier of a tag with confidential data may further include a step to add recording an additional field designating a condition that must be satisfied prior to the return of the confidential data designated by one of the fields of the registration to authorize said refund. In the case where knowledge of confidential data is shared, the step of transmitting a message comprising the value of the confidential data to the trusted third party may be preceded by a step of encoding said message.

According to a second object, the invention further relates to a computer program comprising instructions usable by a processing unit of a device further comprising storage means, means for reading information from a tag and means for restoring the value of a data, said memory means and said means for reading and reproducing cooperating with the processing unit. Said instructions of the program are such that, when they are executed or interpreted by said processing unit, they trigger the implementation of a method for managing confidential data in accordance with the invention.

According to a third object, the invention relates to a device comprising a processing unit, storage means, means for reading information from a tag and means for restoring the value of a data, said memory means and said means for reading and rendering cooperating with the processing unit. To enable the management of confidential data, the processing unit of such a device is arranged to execute or interpret instructions of a computer program according to the invention, said program being previously recorded in the means 10 of memory cooperating with the processing unit of the device. To exploit information encoded graphically by a tag, the means for reading information from a tag located within reading range of such a device may comprise an optical sensor for capturing an image of the tag, said image encoding the identifier tag, said sensor being associated with means for decoding said image and deduce the identifier of the tag. Alternatively, to operate an electronic tag, the means for reading information from a tag of such a device may include an antenna associated with means for establishing an electromagnetic communication with a tag within reading range of the device and decode an identifier registered by said tag. Regardless of the reading mode (optical or electromagnetic), such a device can consist of a computer, a smartphone or a touch pad. According to a fourth object, the invention relates to a system comprising a device adapted according to the invention and a tag encoding an identifier graphically, for example in the form of a barcode with one or more dimensions or more generally under the form of a graphical representation. The system may further comprise or alternatively a tag arranged to record an identifier and return the latter to the device according to an electromagnetic communication - preferably wireless and short-range - when said tag is located within reading range of the device.

Other characteristics and advantages will appear more clearly on reading the description which follows and on examining the figures which accompany it, of which: FIG. 1 depicts a simplified view of a system according to the invention for which a communicating device cooperates with a plurality of tags to reduce the mental effort necessary for a user to store confidential data; FIG. 2 depicts a simplified view of the functional architecture of such a device; - Figure 3 describes an example of association of a tag and a confidential data and the return of the latter by means of a graphical interface; FIG. 4 shows an example of organization of a data structure exploited by the invention to manage the association of a tag with a confidential data item and then the return of the latter; FIG. 5 describes a functional and simplified algorithm of a method for managing confidential data according to the invention. Figure 1 summarizes firstly the purpose of a system according to the invention and briefly presents on the other hand the main components of such a system. An individual 20 must deal on a daily basis with a large variety of more or less confidential or complex data - named CDi in FIG. 1 - whose storage becomes tedious and consequently sometimes erroneous. To relieve the memory of such a person and thus increase its serenity with regard to the data it must manage, the invention proposes to use or adapt one of the electronic devices it may have from off and already to its layout, for example its mobile phone 1, a computer, a smartphone or a touch pad. Thanks to the invention, the latter - instead of the brain of its owner - records a database of confidential and / or complex to memorize for a human being. It further associates said data respectively to a plurality of tag identifiers. To achieve such an association, the device 1 reads information encoded by a graphic tag 2 or 2a. Such a tag may be in the form of a one-dimensional (tag 2) or even two-dimensional bar code (tag 2a) for example a QR-code (bar code created by Denso Corporation - QR being the English abbreviation of Quick Response) or more generally in the form of a graphical representation. The tag may be printed on the upper side of a medium having an adhesive bottom face. It is thus possible to affix or position without difficulty such a tag on an object of his choice. Alternatively, the tag could also be displayed on a screen of a device provided with such a man-machine interface. To read a graphic tag, the device 1 comprises reading means, for example in the form of an optical sensor ("camera" function) for capturing an image or representation of the tag. It is known that such tags traditionally encode public information (for example a URL - Uniform Resource Locator, according to an English terminology, for example designate an Internet page). The reading means further comprises means for decoding the captured image and deriving the information as such. It is also known that an application resident in a telephone can automatically trigger the opening of a session on a browser to view said page or any other application able to exploit such information. According to the invention, we will further exploit the graphic property of the tag to encode a public information but certainly unique to distinguish a tag from other tags: we will call this unique information a "tag identifier".

As indicated by way of example in FIG. 1, a device 1 according to the invention can in addition or alternatively read a second type of tag: reading via a contactless protocol via an electromagnetic communication for example. Thus, a tag 3 - conforming to NFC (near field communication according to an English terminology or near-field communication) or RFID (Radio Frequency Identification in an English terminology or radio-identification) memorizes a unique identifier. This identifier can be the serial number of the tag itself (generally the electronic chip of a tag has a unique serial number as soon as it is manufactured) or data stored in a memory of said tag, or even a combination of the two values. Such an electronic tag may have an adhesive face so that it can be affixed to an object of its choice. As we will see later, particularly in connection with FIG. 3, the person 20 can associate a piece of data (previously recorded in the confidential data bank) with an identifier of a tag. To subsequently recover the knowledge of a confidential data thus associated, simply read the tag again and the device restores the value of the data without any effort for the person 20. It is thus relieved of the tedious storage of the most or all of the confidential or complex data. We will encompass later and without limitation any secret or complex data whose human memory is tedious or sensitive under the term "confidential data".

FIG. 2 describes in detail the functional architecture of a device 1 illustrated in FIG. 1. Such a device 1 comprises a processing unit 10 cooperating with storage means 11, 14, 17. A first non-volatile memory 14 registers the operating system of the hardware resources of the device as well as possibly application programs P. The processing unit 10 cooperates further with a second non-volatile memory for recording data or data structures specific to the implementation The memory 11 can advantageously record the bank of confidential data CDi that one wishes to manage. To associate data with tag identifiers, a given data structure 50 is advantageously and also stored in the memory 11. For example, the processing unit 10 may further collaborate with a third non-volatile memory to record information (names, first names, telephone numbers, e-mail address, public key, etc.) of CIi contacts with which one wishes to possibly share oral or written conversations or the knowledge of data managed according to the invention. The means 11, 17 or 14 may consist of a single physical entity connected to the processing unit by means of a data bus and an address bus. Alternatively, the means 11, 14 and 17 may respectively be deported or distributed - in whole or in part - on one or more platforms, servers or any remote third party devices. To read information encoded by a graphic tag located within reading range, the processing unit cooperates with means 12 for reading graphic information. Alternatively or in addition, the processing unit 10 cooperates with means for reading 13 one or more electronic tags 3 - as previously mentioned in connection with FIG. 1. In order to deliver confidential information to a user 20 of the device 1, this the latter further comprises first means for restoring the value of a data item managed according to the invention. Such means consist of a screen, a speaker or more generally a home-machine interface allowing the user 20 to perceive the value of the data returned. Such means 15 cooperate with the processing unit 10 and are controlled by it. The invention provides that one can share the knowledge of certain confidential data with one or more trusted thirds 30. In this case, the processing unit 10 cooperates with means to restore 16 to develop a message M with the value of a datum and send said message to a third party via a communication network R (Internet, telecommunication or radiocommunication network, etc.). Thus, the owner of a device 31 intended to receive and process such a message M can know the value of a confidential data CDi managed from the device 1. FIG. 3 describes the three main steps of a process. association and restitution of a data according to the invention. According to this nonlimiting example, a person wishes to be free from mentally retaining the value of the PIN personal identification number of his bank card. Thanks to the invention, this person can safely recover this value safely and in all circumstances. Suppose that the value of the PIN corresponds to quadruplet "4567". A first step 51 is to acquire a tag, for example a tag 2a having a two-dimensional bar code such a QR-code printed on an upper face of a support. The graphic representation of the tag 2a makes it possible to encode its identifier IT2a. Consider that said support has a lower adhesive face and opposite to said upper face. The person affixes the tag 2a on the back of his credit card, taking care if possible not to cover the magnetic strip of it or a signature block of the cardholder. In step S2, the person associates the value of his PIN with the identifier IT2a of the tag 2a. For this, she uses the "camera" function of her mobile phone to capture an image or representation of the barcode. The means for reading a graphic tag collaborating with the mobile phone processing unit decode (step 52a) the captured image to deduce the IT2a identifier from the tag 2a. The person is then invited to enter the value of the PIN which he wishes to associate with the tag 2a. The capture (step 52b) is performed for example by means of a physical keyboard or emulated mobile phone. Upon validation of the entry, the association "tag identifier" and "confidential data - PIN" is performed by the telephone processing unit. When, at step S3, the person wishes to make a payment with his bank card, she again captures the tag 2a affixed to the back of her card. The telephone processing unit explores the storage means to know if it has been done previously If yes, said a data association has with the identifier of the tag. unit returns the value 35 "4567" of the PIN to the person using the phone screen. The person can thus enter in turn said value on the keyboard of the payment terminal. Other complementary processes may be implemented in particular to condition or even affect the return of the value of confidential data to a prior authentication or to share the value of said PIN with a trusted third party. Let us now examine, with reference to FIGS. 4 and 5, a method of managing 100 confidential data CDi implemented by a processing unit of a device according to the invention. According to FIG. 5, such a method mainly comprises: a step 120 for reading an identifier of a tag located within reading range of the device; a step 121 for searching for the existence or the absence of an association between the tag and a confidential datum by exploiting a given data structure and stored in memory of the device; a step 130 for restoring the value of said confidential data associated with the tag. In order to materialize a prior association between a tag and a confidential datum, such a method 100 may advantageously comprise a first step 110. Let us continue the description of such a method 100 based on an example of a given structure attesting a given association. confidential confidential - tag "in conjunction with Figure 4. Figure 4 describes an example of a given data structure 50 exploited by the processing unit of a device according to the invention. Such a structure comprises one or more records 51, 52, 53 respectively materializing an association between an identifier of a tag and a confidential data item. Such a structure 50 is for example recorded in the means 11 of the device described in connection with FIG. 2. Said means 11 also record one or more confidential data CD1, CD2, CD3,..., CDi. The means 11 also record one or more identifiers I12, IT2a, I13 of tags (previously read or predefined). By way of example, these identifiers correspond respectively to the tags 2, 2a and 3 described with reference to FIG. 1. In order to materialize an association between a tag identifier and a confidential datum, a record includes first and second fields whose contents respective ones denote the identifier of the tag and the confidential data associated with it. A first record 51 thus comprises a first field 511 which designates the identifier I12 of the tag 2. A second field 512 refers to the data CD1 associated with the identifier I12. The record 52 comprises a first field 521 which designates the identifier I12a of the tag 2a. The record 52 includes a second field 522 which designates the data CD2 associated with the identifier I12a.

The record 53 comprises a first field 531 which designates the identifier I13 of the tag 3. The record 53 comprises a second field 532 to designate the data CD3 associated with the identifier I13. According to the preferred example described with reference to FIG. 4, the content of a field 511, 521, 531 - of a record 51, 52, 53 of the data structure 50 - designating an identifier of a tag consists of a reference (or pointer) 'Tir, IT2ar, I13r to a memory space containing the value - that we could qualify as effective - of the identifier I11, I12a, I13. It is the same for a field 512, 522, 532 of a record 51, 52, 53 of the data structure 50 designating a confidential data CD1, CD2, CD3. The content of such a field advantageously consists of a reference (or a pointer) CD1r, CD2r or CD3r to a memory space containing the actual value of said confidential data CD1, CD2, CD3, ..., CDi. Alternatively, the content of a field designating a tag identifier or confidential data may consist of the value of the tag identifier or the value of said confidential data. According to a preferred embodiment, the values of the confidential data may be previously encoded before they are recorded. According to this variant, step 130 for restoring such data decodes the recorded value. The constitution of the records 51, 52, 53 can be performed during an initialization phase or as a result of the implementation of a step 110 of the method 100. This step 110 corresponds to the step S2 of the process described in connection with FIG. 3. Such a step 110 comprises in this case a first step 111 for reading an identifier I12, IT2a, I13 of a tag located within reading range of the device. It further comprises a second step 112 for associating the read tag identifier with confidential data. This step 112 includes a step 112a for creating or updating a record in the given data structure, said record comprising the first and second fields whose respective contents designate the identifier of the tag and the confidential data associated therewith. In connection with FIGS. 4 and 5, a first occurrence of step 110 makes it possible to associate the confidential datum CD1 with the identifier I12 of a tag. The record 51 is thus created in the structure 50. This record 51 comprises a first field 511 which designates (via the reference IT2r) the identifier I12 stored in the memory 11 (possibly previously read 111). The record 51 further comprises a field 512 which designates (via the reference CD1r) the value of the recorded data CD1 (possibly encoded) in memory 11.

A second occurrence of step 110 associates the data CD2 with the tag identifier I12a. The record 52 is also created in the structure 50. This record 52 comprises a first field 521 which designates (via the reference IT2ar) the identifier I12a stored in the memory 11 (possibly previously read in a previous step 111). The record 52 further comprises a field 522 which designates (via the reference CD2r) the value of the data CD2 stored in memory 11. In the same way, the data CD3 is associated with the identifier I13 of a tag 3. A third record 53 is created comprising a first field 531 which designates (via the reference IT2ar) the identifier I12a stored in the memory 11 (possibly previously read in a previous step 111). The record 53 further comprises a field 532 which designates (via the reference CD3r) the value of the data CD3 stored in the memory 11. The Cdi data item has not for the moment been the subject of an association or a previous association has been canceled. There is therefore no record Si comprising a field 5i2 denoting said datum and having a field Sil denoting the identifier of a tag. In order to be able to implement step S3 of a process described in connection with FIG. 3 and thus to recover the knowledge of the value of a confidential data item - for example the CD2 data associated with the tag 2a - the method 100 includes a step 121 to search, among the records 51, 52 and 53 of the data structure 50, a record including a first field whose content designates the identifier IT2a of the tag 2a read in step 120. Such a record (the record 52) is thus found at 122. Indeed the field 521 of said record 52 designates the tag identifier IT2a. The method 100 then comprises a step 123 for reading the field 522 of said record 52. The content of said field 522 designates the confidential item CD2. The method 100 can then restore the value of said datum to step 130.

A first mode of reproduction can be a direct restitution to the user of a device whose processing unit implements a confidential data management method according to the invention such as the method 100 illustrated in FIG. first embodiment of the invention, the invention operates a human-machine interface (screen, speaker) of said device or cooperating with said device as means for restoring the value of a confidential data. Said human-machine interface is sufficient for the value of confidential data to be perceptible by a user of the device. The step 130 of the method 100 then consists in triggering said human-machine interface to deliver at 131 said value of the confidential data to the user (such as the user described in connection with FIGS. 1 or 2) . In connection with FIG. 2, a second embodiment of restitution proposed by the invention is a restitution to a trusted third party 30, more exactly to a device 31 arranged to exploit a message M transmitted from a device 1 comprising the processing 10 implementing a confidential data management method according to the invention.

To provide for such sharing, the step 112 of a method 100 described in connection with FIG. 5, further comprises a step 112b for adding to the record comprising a field designating a confidential datum whose knowledge is to be shared with a user. third, a third field to designate the identifier of said trusted third party. Such a field may comprise, for example, an e-mail address or a mobile telephone number to which a message may be sent. The content of such a field may alternatively advantageously consist of a reference to a memory space recording such information, for example a memory contact card 17 of a device described in connection with FIG. 2. The invention provides that it is possible to add as many fields as necessary to be able to associate a plurality of trusted third parties authorized to share the knowledge of a confidential data item or even to designate a pre-established list of contacts. To illustrate this mode of reproduction, let us again support FIGS. 4 and 5. Suppose that we wish to share the knowledge of the data CD2 with a trusted third party whose identifier is IC30 (it is example of the third 30 illustrated in Figure 2). The record 52 translating the association between the identifier of the tag 2a and the data CD2, comprises a field 523 having a reference IC3Or to a memory 17 recording information related to the third party 30. In the absence of knowledge sharing of a datum (for example the knowledge of the data CD1 and CD3 is not shared), the recording related to this datum in the structure 50 comprises an empty field (fields 513, 533). Alternatively, records 51 and 53 may not have such a third field. In the latter case, the fields of a record of the structure 50 advantageously comprise a marker so that the processing unit implementing the method can interpret their contents. In order to implement the second rendering mode, the processing unit 10 of the device 1 described in connection with FIG. 2 cooperates with reproduction means 16 to produce a message M comprising the value of a piece of data and to send the said message. to a trusted third party. When updating confidential data or reading a tag associated with a data item (step 120), a method 100 described in connection with FIG. 5, searches for a record in the structure of determined data 50 having a field designating the tag or data. If such a record is found at 122, the method includes - for restoring the data at 130 - a step 132 for reading the content of a field (within the record characterizing the association) which designates a trusted third party. In connection with the example illustrated in FIGS. 2 and 4, such a step 132 consists in obtaining an address to which a sharing message can be transmitted to the third party whose identifier is 1C30 via a device 31. step 130 for restoring the shared confidential data triggers the means 16 to elaborate 133 and then emits 134 a message M comprising the value of the confidential data CD2 to the trusted third party 30 respectively designated by the first and second fields 521 and 522 of the recording 52.

Whether the return of confidential data is direct (via a device interface) or indirect (via a sharing message to a third party), the invention provides that said refund can be conditioned to the satisfaction of a condition prior. For example, it may be required that a secret code be entered by the user before the data is returned via a suitable human-machine interface or a sharing message is encoded prior to its issue. In connection with FIGS. 2, 4 and 5, to specify such a condition, the prior step 112 for creating or updating a record 51, 52, 53 may further include a step 112c for adding an additional field to said record. 514, 524, 534 respectively designating conditions C1, C3, C2 which must be satisfied prior to the restitution 130 of the data associated with the tag. A first condition C1 can for example mean that no authentication is required. A second condition C3 may mean that the user of a device according to the invention must present a secret code prior to the return of a data item. This authentication can be satisfied when launching the execution or the interpretation of an application program whose instructions operated by the processing unit trigger the implementation of a management method according to the present invention. invention. It may be required alternatively by invitation via a human-machine interface of the device. A third condition C2 may mean that a message M of knowledge sharing of confidential data must be encoded by the processing unit prior to its transmission. For this purpose, a public key or a secret key of a trusted third party recipient of said message is thus designated by the condition C3. Such a key is advantageously stored in memory 17 together with the information of a contact. The condition can also specify the encoding algorithm or parameterize it. In the absence of a key necessary for the encoding of the message, the method 100 considers that the condition is not satisfied and the restitution to the third party is not accomplished. By way of example, the record 51 of the structure 50 illustrated in FIG. 4 comprises a field 514 whose content (C1) specifies that the item CD1 associated with the identifier I12 can be restored (131) directly thereafter. reading (120) the tag identifier I12. On the other hand, the record 52 includes a field 524 designating a condition C3. This stipulates that the message M must be encoded prior to its transmission, for example by means of the public key of the third party whose identifier is IC30. The record 53 includes a field 534 specifying that authentication of the user prior to the return of the data CD3 is required. Several conditions whose respective respective conjugated or suppletive satisfactions prior to the restitution of a datum can be associated concomitantly within a record of the structure 50. The restitution of a datum can indeed be plural (ie carried out simultaneously by means of a human-machine interface and shared with one or more trusted third parties). The invention further provides that records 51, 52, 53 of a structure 50 may include fields 51m, 52m, 53m respectively to indicate whether the association is active or inactive. In the case where an association is said to be inactive, the method 100 does not trigger restitution step 130. Alternatively, such a field may specify a validity period in place and place (or in addition to) a Boolean flag A / I defining that an association is "active" or "inactive". Such a field can be updated by means of a suitable human-machine interface of a device according to the invention.

The invention furthermore provides that it is also possible to associate one or more additional fields within a record attesting an association between a confidential datum and a tag identifier in order to trigger other complementary processing operations to the restitution of a datum as presented. previously. The invention also provides that it is also possible to associate one or more additional fields within a record attesting an association between a confidential data item and a tag identifier to authorize or prohibit a modification of a tag identifier or data associated with said tag. in memory of the device.

The implementation of a method by the processing unit of a device according to the invention can be automatically triggered during electromagnetic reading of an electronic tag or after the manual commissioning of the "camera" function. to read a graphic tag.

Claims (18)

REVENDICATIONS1. Method (100) for managing confidential data (CD1, CD2, CD3, CDi) implemented by a processing unit (10) of an electronic device (1) which furthermore comprises memory means (11, 14, 17), means (12; 13) for reading information from a tag (2, 2a, 3) and means for restoring (15, 16) the value of a data item, said memory means and said means for reading and reproducing cooperating with the processing unit, the method being characterized in that it comprises: a step for reading (120) an identifier (IT2, IT2a, IT3) of a tag (2, 2a, 3 ) located within reading range of the device (1); a step for searching (121), within a given data structure (50) and stored in the storage means (11), a record (51, 52, 53) having a first field (511, 521, 531 ) whose content designates the identifier (IT2, IT2a, IT3) of the tag (2, 2a, 3); if (122) such a record has been so found: o a step (123) for reading a second field (512, 522, 532) of said record (51, 52, 53) whose content designates a confidential item (CD1, CD2 , 0D3) previously associated with said tag identifier (IT2, IT2a, IT3); a step (130) for restoring the value of said confidential data item (CD1, CD2, CD3) designated by said second field (512, 522, 532) of the recording (51, 52, 53). 2. Method according to the preceding claim, said method comprising a first prior step (110) for associating an identifier (IT2, IT2a, IT3) of a tag with a confidential data item (CD1, CD2, CD3), said step (110) comprising: - a step for reading (111) an identifier (IT2, IT2a, IT3) of a tag within reading range of the device (1); a step for creating or updating (112, 112a) a record (51, 52, 53) in the given data structure (50), said record including first (511, 521, 531) and second (512, 522, 532) fields whose respective contents designate the identifier (IT2, IT2a, IT3) of the tag and the confidential data item (CD1, CD2, CD3) associated therewith. 3. Method according to the preceding claim, wherein the content of a field of a record of the given data structure designating a tag identifier or associated confidential data consists of the value of the identifier (IT2, IT2a, IT3). ) of tag (2, 2a, 3) or the value of said confidential data (CD1, CD2, 0D3). The method according to claim 2, wherein the content of a field of a record of the given data structure (50) designating a tag identifier or an associated confidential data item consists of a reference (IT1r, IT2ar, IT3r, CD1r, CD2r, CD3r) to a memory containing the value of the tag identifier (IT1, IT2a, IT3), (2, 2a, 3) or of said confidential data item (001, 002, 003). 5. Method according to any one of the preceding claims, the means for rendering (15) the device consisting of a man-machine interface arranged so that the value of the confidential data (001, 0D2, CD3) is perceptible by a user. (20) of the device (1), for which the step of restoring (130) triggers said man-machine interface to deliver (131) said value of the confidential data to said user (20). The method of any one of claims 2 to 4, wherein the step (112) prior to creating or updating a record further comprises a step of adding (112b) to the record (52) a third field (523) designating the identifier (I030) of a trusted third party (30) with which the knowledge of the value of the confidential data item (0D2) designated by one of the fields (522) of the registration is shared. 7. Method according to the preceding claim, the means for returning the device consisting of means (16) for preparing a message comprising the value of a datum and transmitting said message to a third party, including, if (122) a record was found at the end of step (121) to search for a record in the determined data structure (50), a step for reading (132) the content of the field (523) of said record (52) designating a trusted third party (30) and for which the step of restoring (130) triggers said means for rendering (16) so that they elaborate (133) and then emit (134) a message (M) having the value 10 of the confidential data (CD2) to the trusted third party (30) respectively designated by the first (521) and second (522) fields of the record (52). 15 8. Method according to any one of claims 2 to 7, for which the prior step (112) poà ¥ to create or update a record (51, 52, 53) to associate an identifier of a tag (2, 2a 3) to a confidential data item (CD1, CD2, CD3) 20 further includes a step for adding (112c) to the record an additional field (514, 524, 534) designating a condition (C1, C2, C3) which must be satisfied (124) prior to the restoration (130, 131, 132, 133, 134) of the confidential data (CD1, CD2, CD3) designated by one of the fields of the record (511, 521, 531) to authorize said refund. 9. A method according to claim 7 and 8, wherein the step of transmitting (133) a message (M) comprising the value of the confidential data item (CD2) to the trusted third party (30) is preceded by a step of encoding (134) said message. Computer program (P) comprising instructions operable by a processing unit (10) of a device (1) further comprising storage means (11, 14, 17), means for reading (12, 13) information of a tag (2, 2a, 3) and means for restoring (15, 16) the value of a data, said memory means and said means for reading and reproducing cooperating with the processing unit , which when executed or interpreted by said processing unit trigger the implementation of a method (100) for managing confidential data, according to any one of claims 1 or 9. Apparatus (1) comprising a processing unit (10), storage means (11, 14, 17), means for reading (12, 13) information from a tag (2, 2a, 3) and means for rendering (15, 16) the value of a data, said memory means and said means for reading and reproducing cooperating with the processing unit, said device being characterized in that said processing unit (10) is arranged to execute or interpret instructions of a computer program (P) according to claim 10, said program being previously registered in the storage means (14) cooperating with the processing unit (10) of the device (1). ). 12. Device according to the preceding claim, wherein the means for reading (12) an information of a tag within reading range of the device (1) comprises an optical sensor for capturing (120a) an image of the tag, said encoding image. graphically the identifier of the tag, said sensor being associated with means for decoding said image and deduce (120b) the identifier (IT2, IT2a) of the tag (2, 2a). 13. Device according to claim 11, wherein the means for reading (13) a tag information (3) comprises an antenna associated with means for establishing (120c) an electromagnetic communication (C) with a tag (3) located within reading range of the device (1) and decoding (120d) an identifier (IDT3) recorded by said tag. 14. Device (1) according to any one of claims 11 to 13 consisting of a computer, a smartphone or a touch pad. 15. System comprising a device (1) according to claims 11 or 12 and a tag (2, 2a) encoding an identifier (IT2, IT2a). 16. System according to the preceding claim, wherein the identifier (IT2, IT2a) of the tag is encoded in the form of a barcode, QR-code or a graphical representation. 17. System comprising a device (1) according to claims 11 or 13 and a tag (3) arranged to record an identifier (IT3) and return it to the device (1) according to an electromagnetic communication (C) when said tag is located within reading range of the device (1). 18. System according to the preceding claim, wherein the tag (3) and the device (1) communicate according to a communication (C) electromagnetic wireless short-range.