FR3011998A1 - SYSTEM AND METHOD FOR ANONYMOUS AND SECURE COMMUNICATIONS - Google Patents

Abstract

The present invention relates to a system for ensuring the encryption of data transmitted over the Internet by means of an electronic entity and relayed by a network node; the system also makes it possible to anonymize any exchange of such data, thanks to: • a method of incorporating the signaling protocol into a periodic information flow exchanged between the electronic entity of the user and a network node, said stream periodical information being encrypted / decrypted according to the principles of public key infrastructure (PKI), well known by the art experts. A method allowing the beginning and the end of the exchange of data between two users at random times with respect to the signaling messages, said data stream being encrypted with a key shared between the two users. A method of incorporating the signaling protocol and the data stream into a continuous stream of dummy data between any two network nodes of the system. The system and method according to the invention is particularly intended for managers and employees of large companies who want an increased level of security for all communications of a particularly strategic nature.

Description

FIELD OF THE INVENTION The present invention relates to a system for guaranteeing the encryption of data transmitted over the Internet by means of an electronic entity (landline or mobile telephone, desktop or laptop computer, tablet); the system also makes it possible to anonymize any exchange of such data. Throughout the description, the abbreviations defined hereinafter and in the glossary will be used.

Context The proliferation of Internet communications involves risks in the security of exchanged data, as well as in the confidentiality of entities and individuals who exchange such data. There are often legitimate reasons why someone wishes to remain anonymous by exchanging information with another person, for example in the early stages of developing a particularly strategic business relationship; it is very difficult (if not impossible) for a person to protect his identity when he / she addresses his / her correspondent in an 'open' network such as the Internet. The problem becomes more complicated if the two correspondents wish to remain anonymous. In addition to anonymity, the very content of exchanged data may require increased confidentiality. The present invention solves the problem of the confidentiality of data exchanged between two people, as well as the anonymity of the latter through: A method of incorporating the signaling protocol into a periodic information flow exchanged between electronic entity of the user and a network node, said periodic information stream being encrypted / decrypted according to the principles of the public key infrastructure (PKI), well known by the experts art. A method for initiating and terminating the exchange of data between two users at random times with respect to the signaling messages, said data stream being encrypted with a key shared between the two users. A method of incorporating the signaling protocol and the data stream into a continuous stream of dummy data between any two network nodes of the system. The method of incorporating the signaling protocol into a periodic information flow exchanged between the electronic entity of the user and a network node is executed by a software installed in the electronic entity and by a control software installed on the network node; both software implement the following steps: Every P seconds, the software of the electronic entity of the user sends a signaling message to the corresponding network node. Depending on the actions of the user, this message may contain information such as' Call recipient ',' Sending SMS to recipient ',' Answer (to a call, SMS, etcl, etc.) If the user has not performed any action a simple presence notification message - such as a 'Hello' - is sent The user's identity in correspondence of the message sent consists of an alphanumeric character string Each message sent by the user's electronic entity is acknowledged by the corresponding network node, which returns a response according to the state in which the sending electronic entity is located.

For example, following a call request to a recipient user, the electronic entity of the latter is in the state 'Waiting for a call alert'. Upon receipt of a `Hello 'message from the recipient's electronic entity, the corresponding network node sends a response that contains a call alert and the identity of the caller. Any signaling exchange according to the described steps is secured using an asymmetric cryptographic algorithm, such as `RSA '.

The signaling messages exchanged are organized into packets that are always the same size; in this way, attacks aimed at analyzing the semantic characteristics of the packets will be ineffective.

The process of exchanging data between two users (one of which is 'issuer' and the other of which is 'recipient') is executed by the same software mentioned above through the following steps: Following a request from call (or send SMS or email) the network node schedules the start of the data exchange after the flow of a random value counter. Before the flow of said counter dummy data are exchanged between the network node and the issuer and / or the recipient. Following a request to end the call (or after sending an SMS or an email) the network node schedules the end of the data exchange after the flow of another counter of random value. Before the flow of said counter dummy data continue to be exchanged between the network node and the issuer and / or the recipient. Any exchange of data according to the steps described is secured by using a shared key between the electronic entities of the sender and the recipient, said shared key being obtainable: Either through a conventional key exchange procedure, such as the procedure of Diffie-Hellman. Either with a configuration procedure when setting up the system.

The encrypted data exchanged (whether real or fictitious) are organized into packets that are always the same size; in this way, attacks based on the analysis of the characteristics of the flows and / or the detection of 'silences' (in an audio communication) will be ineffective.

The method of incorporating the signaling protocol and the data stream into a continuous stream of fictitious data between any two network nodes of the system is executed by the software installed on the network nodes according to the following steps: - The network nodes are interconnected thanks physical and logical links that allow M simultaneous two-way communications. Between two network nodes M two-way communications are always active. In the absence of true data exchange between two users, two-way communication will contain fictitious data. Setting up a data communication between the electronic entity of a first user (this entity communicating with a corresponding first network node) and that of a second user (communicating with a corresponding second network node) replaces a communication bidirectional fictitious preexisting. - The end of a data communication between the electronic entity of a first user (this entity communicating with a first corresponding network node) and that of a second user (communicating with a second corresponding network node) triggers the setting place of a new fictional bidirectional communication. Any exchange of data between any two network nodes of the system is secured by using a key shared between the nodes, said shared key being obtainable: Either through a conventional key exchange procedure, such as the Diffie-Hellman procedure . Either with a configuration procedure when setting up the system. State of the art The problem of anonymity in communications has already been addressed in specific contexts (eg, online auctions). In general, the solutions provided are based on an intermediation server which hides the user's identity from his correspondent. According to the patent WO 97/2501 the user transmitting a communication request sends a message to an intermediation server, this message containing the encrypted request, defined by 1 "objef of the request and the electronic signature of In addition, the intermediary server sends the request to the recipient, who responds to the server with a message containing the encrypted response defined by the reply and the recipient's electronic signature. Systems of this type have intrinsic weaknesses: for a spy system it is possible to detect an event in the electronic entity of the sender and correlate it temporally with an event in the recipient's electronic entity. Even if the requests are encrypted and relayed by an intermediation server, it is possible to deduce a signaling exchange between two electronic entities. Advantages of the invention The present invention very effectively against the methods used for listening and spying on internet communications: As already explained, any encrypted signaling message (such as 15 'Call', 'Answer', etc. .) for the management of communications between two entities is embedded in a continuous stream (periodic) of encrypted messages - which are always the same size - between an electronic entity and a network node: it is therefore very difficult for a spy system to differentiate between a 'control' message and a 'notification' message. It becomes all the more difficult to be able to deduce a signaling exchange between two electronic entities. Following an exchange of signaling messages between an electronic entity and a network node for setting up a communication session (voice, SMS, email, etc.), the start of said communication session between two entities' pairs' is after the flow of a random value counter. Vis-à-vis a spy system there is therefore no correlation between any event that controls the establishment of a communication and the triggering of the latter. In general, traffic between any two network nodes in the system uses a physical / logical link provided by one (or more) interconnect operator. However, the latter is subject to the law of his home country, which may require listening on any physical / logical link provided by the operator. According to the proposed system, listening to a communication between two 'pair' electronic entities is particularly complicated, since said communication is incorporated in a continuous stream of fictitious data between the nodes of the network. The present invention relates to a system for exchanging data securely and anonymously between two users, said data being transmitted by means of user programmable electronic entities and computer machines in the Internet; said confidential data being in particular in the form of voice or SMS type information or emails; said user programmable electronic entities being characterized by: a dedicated software module intended to: generate a periodic stream of signaling messages, each message being a presence notification containing the identity of the user; periodic flow of signaling messages from the programmable electronic entity of the user to a computer machine in the Internet network, each signaling message being encrypted by the user's programmable electronic entity and decrypted by the computer machine in the Internet network, the encryption and decryption being done according to an asymmetric encryption algorithm - Manage the reception of replies in correspondence of said 25 signaling messages, each response being sent by the computer machine in the internet network using said asymmetric encryption algorithm - Continued to an action of the user, letting a presence notification contained in the periodic stream of signaling messages by a control message for the exchange of secure and anonymous data; - Organize any encrypted signaling message - whether a presence notification message or a control message - according to computer packages that are always the same size.

A set of computer machines in the Internet network (also called 'network nodes') being characterized by: a dedicated software module intended to: generate a periodic stream of signaling messages, each message being a response to a notification of presence coming from a user's programmable electronic entity and containing his identity - Managing the sending of said periodic flow of signaling messages to the user's programmable electronic entity, each signaling message being encrypted according to an asymmetric encryption algorithm 10 - Following the receipt of a message setting up or terminating an exchange of secure and anonymous data, the sending to the programmable electronic entity of the user of the notification of a waiting time random before setting up or terminating said data exchange. According to a second characteristic, the system according to the invention comprises: A set of electronic entities, each entity belonging to a corresponding user and comprising a dedicated software module which comprises: a software module for managing and storing two keys security system, the first key being the public key of the corresponding network node, said public key enabling the encryption of a periodic stream of signaling messages sent to said corresponding network node; the second key being shared with another electronic entity belonging to another user in case of establishment of a data connection between the two electronic entities - A software module for managing the user's contact list, each contact being characterized by an identity in the form of an alphanumeric character string - A software module for user interface management, said module for interpreting the user's actions, such as commands or responses to alerts, and construct the corresponding signaling message, so that it is embedded in the periodic flow of signaling messages exchanged with said corresponding network node A set of network nodes, each network node being defined 'corresponding network node' an electronic entity with which it has a logical interconnection and comprising: A first static database, a tale the identity of each user of the system, said identity having the form of an alphanumeric character string A second dynamic database, associated with the first database and containing the temporary information of each user whose electronic entity has established a signaling connection with its corresponding network node, said temporary information comprising: the identity of the user, encrypted with the public key of the corresponding network node; the internet address of the network node corresponding to each electronic entity of the system; . A high capacity data stream between each pair of network nodes in the set, said stream enabling M simultaneous bidirectional communications. According to a third characteristic of the invention, the simultaneous bidirectional communications M which constitute the high capacity data stream between each pair of network nodes are interleaved in time using the time division multiplexing technique, the M time slots corresponding to said Bidirectional communications are used to continuously exchange content between each pair of network nodes, said content consisting of: - Any signaling message between the electronic entities and their corresponding network nodes - Any communication of data between pairs of entities 30 Electronic - A fictitious data flow corresponding to all electronic entities that do not have a data communication in progress.

According to a fourth characteristic of the invention, any signaling message exchanged between an electronic entity and its corresponding network node, as well as any exchange of content between two electronic entities through their corresponding network nodes, as well as any fictitious data flow between each A pair of network nodes is done through the UDP protocol of the Internet networks. According to a second main characteristic, the present invention relates to a method for the secure and anonymous exchange of data between two users, said data being transmitted by means of programmable electronic entities and computer machines in the Internet network; said confidential data being in particular in the form of voice or SMS type information or emails; said computer machines in the internet network being referenced as 'network nodes'; each programmable electronic entity having a logical interconnection with a so-called 'corresponding' network node, which is part of the set of network nodes, the method comprising: the following initial steps: the selection of the corresponding network node by the network node; programmable electronic user entity - The exchange of so-called 'public' keys between the programmable electronic entity of the user and the corresponding network node - The storage of the internet address of the network node corresponding to each electronic entity the system in a dynamic database of each network node, said dynamic database being associated with a corresponding static database, containing the identity of each user of the system, said identity having been encrypted by the programmable electronic entity with the public key of the corresponding network node 30 - The triggering of a periodic stream of signal messages sation, each message being a presence notification sent by the electronic entity of the system to the corresponding network node, said presence notification containing the `Hello 'header and the identity of the user; said signaling message being encrypted with the public key of the corresponding network node; said encrypted signaling message always having the same size. - Triggering a periodic stream of signaling messages, each message being a response to the presence notification, said response being sent by the corresponding network node and containing the header 'Hello' and the identity of the user; said signaling message being encrypted with the public key of the corresponding electronic entity; said encrypted signaling message always having the same size. The following steps for the management of said periodic flow of signaling messages, said management comprising the actions of establishment, acceptance / rejection and interruption of the communication: the detection of the actions of the user by the electronic entity programmable, said actions comprising the commands for establishing, accepting / rejecting and interrupting the communication - The construction of the signaling messages by the programmable electronic entity, according to the actions of the user and according to the following correspondences : o A message of the type 'Cali' or 'SMS' or Send ', followed by the identity of the recipient is generated following a call establishment action, the sending of an SMS or the sending an email o A message of type `Accept or` Reject is generated following an action of acceptance / rejection of a call or an SMS or an email, said action of acceptance / rejection following an alert sent to the electronic entity progresses ammable of the user from the corresponding network node o A 'Release' type message is generated following an action of interruption of a call - The sending of said signaling messages by the programmable electronic entity, incorporating the signaling messages in the periodic stream of presence notification messages according to the description of the initial steps of the method; said incorporation being done by replacing the expected presence notification message with the next time sample by said signaling message; said signaling message being encrypted with the public key of the corresponding network node; said encrypted signaling message always having the same size. The detection by the corresponding network node of the signaling messages originating from the transmitting electronic entity and the consequent generation of the response messages to the transmitting electronic entity and / or alert messages to the destination electronic entity according to the following correspondences: o A message of the type 'blair, followed by a random waiting time is generated and sent to the sending electronic entity following the reception of a message of the type' Cali 'or `SMS' or` Send 'from the latter o A message of the type' Cali 'or' SMS 'or `Send, followed by the identity of the sender is generated and sent to the receiving electronic entity following receipt of a message of type Wello 'from the latter o A message of type `Accept or` Reject is generated and sent to the electronic entities (transmitter and recipient) following the reception of a message of type `Accept or` Reject o A message of type 'Release' is generated and sent to the electronic entities (issuer and recipient) following the receipt of a message of type 'Release' The sending of said signaling messages by the corresponding network nodes to - respectively - the electronic entity transmitter and receiver, by incorporating signaling messages into the periodic stream of responses to presence notification messages according to the description of the initial steps of the method; said incorporation being done by replacing the response to the expected presence notification message to the next time sample by said signaling message; said signaling message being encrypted with the public key of the corresponding electronic entity (issuer and recipient); said encrypted signaling message always having the same size. - The following steps for the management of the release / release of the communication data flows as well as for the routing of said flows between two programmable electronic entities (an issuer, a recipient): - A message of type `Ce or` SMS 'or Send' sent by the programmable electronic entity triggers a timer in the latter, the timer expiring after a random duration whose value is received from the corresponding network node by means of a message of type `Wair - The sending of a fictitious data stream of the corresponding network node to the programmable electronic entity transmitting the message 'Cali' or SMS 'or `Send', said dummy stream being triggered upon receipt of said message; the duration of said fictitious flow corresponding to the random duration of said timer - the exchange of the communication data between two programmable electronic entities as soon as said timer expires, each programmable entity exchanging the communication data with its corresponding network node; the two corresponding network nodes relaying the data flows between the two programmable electronic entities by means of a dynamic routing table which enables the corresponding network node of the sending electronic entity to know the IP address of the network node corresponding to the electronic entity recipient ; said data stream being organized in packets, each packet being encrypted with a key shared between the electronic entities (issuer and recipient); said encrypted packet always having the same size. - A 'Release' type message sent by the issuing programmable electronic entity triggers the stop of data flows between; on the one hand the issuing electronic entity and its corresponding network node as well as between the destination electronic entity and its corresponding network node; on the other hand, the two network nodes corresponding to the two electronic entities (transmitter, recipient) - Said 'Release' message sent by the transmitting programmable electronic entity also triggers the sending of a fictitious data stream of the corresponding network node to the recipient electronic entity to the latter; said fictitious data flow being interrupted by a 'Release' type message sent to the destination electronic entity of the corresponding network node in response to the next presence notification message from said recipient electronic entity The invention and its different applications will be better understood by reading the following description and examining the figures that accompany it. BRIEF DESCRIPTION OF THE FIGURES These are presented only as an indication and in no way limit the invention.

Fig. 1 schematically shows a non-limiting embodiment of the system according to the invention. Fig. 2 schematically represents a non-limiting embodiment of the functional components of the electronic entity of the user and the node of the corresponding network. FIG. 3 represents a sequence diagram comprising the steps of the method of setting up a call between two electronic entities. FIG. 4 represents a sequence diagram comprising the steps of the method of sending / receiving SMS between two electronic entities.

DESCRIPTION OF THE EMBODIMENTS The system according to the invention is described in a non-limiting embodiment in FIG. 1 which illustrates the following components: A first electronic entity (10A) belonging to a first user 'A'.

In the following description will be taken as a non-limiting example a mobile phone (also called 'smartphone'). The electronic entity (10A) can also be a workstation, a workstation, a desktop or laptop computer, a portable tablet or a landline telephone (also called `` softphonel '', containing software enabling it to communicate via the Internet. electronic entity (10A) can also be a `modem '(also called' box ') which allows the consumption of any service on the internet (such as navigation, voice / video calls, television) .The mobile phone (10A) contains a custom application ("applet") (15), according to particular embodiments, the contribution of the applet (15) to the overall security of the system may consist of: Generating a signaling flow at periodic intervals towards the node corresponding network (20), each signaling message may contain communications management information.

Receive from the corresponding node of the network (20) responses for each signaling message sent. - Encrypt / decrypt said signal stream transmitted / received with respectively - the public key of the corresponding node of the network (20) and the private key of the mobile phone (10A). - Manage the transmission / reception of the content of communications (voice, SMS, emails) between the mobile phone (10A) and the corresponding node of the network (20). - Encrypt / decrypt said content of communications with a key shared between the mobile phone (10A) and the mobile phone of the correspondent (10B). - Manage the user interface for any order received from the latter (call request, SMS sending, etc.) and for any command in the direction of the latter (incoming call notification, SMS reception, etc.) A first node of the network (20). According to a nonlimiting example, the mobile telephone (10A) is 'attached' to a first node of the network (20), which is called the 'corresponding node of the network' with respect to the mobile telephone (10A). The mobile phone (10A) and its corresponding network node (20) have a logical connection through a first internet network (31). The network (31) may belong to a mobile operator if the telephone (10A) operates a cellular-type radio interface (for example, `3G 'or` 4G'). The network (31) may belong to a 'fixed' operator if the telephone (10A) operates a WLAN type radio interface (for example, WiFi 'or WiMax'). According to a nonlimiting example, the system according to the invention may contain several network nodes, for traffic distribution purposes, or according to the geographical extension of the coverage area. A second electronic entity (10B) belonging to a second user 15 'B'. A second node of the network (21). As for the mobile phone (10A), the electronic entity (10B) is a mobile phone that contains the same applet (15) and shares a logical connection with its 'corresponding node of the network' (21) through a second internet network (32). The two network nodes (20) and (21) are interconnected by a preferably wired physical link and a high-capacity logical logical link of the 'Virtual Leased Line' (VLL) and / or Virtual Private Network (VPN) type. . Fig. 1 also illustrates the signaling flow and the data flow between the various components of the system according to the following nonlimiting embodiment: A signaling flow (40) between the mobile telephone (10A) and its corresponding network node (20) The dash-dot line (40) represents the signaling flow of the mobile telephone (10A) to its corresponding network node (20). Note that for reasons of simplicity of exposure and design - only one unidirectional signaling flow is represented, according to the direction of the time axis (t) of FIG. 1.

Signaling messages are sent periodically every P seconds; as already explained, the 'meaningful' messages for communication control (trigger, shutdown, etc.) are embedded in the continuous periodic stream. In other words, in the absence of user actions that would trigger control messages, presence notification messages are sent from the mobile phone (10A) to its corresponding network node (20). The signaling messages are encrypted using the public key KPubS of the corresponding network node (20). Encrypted signaling messages always have the same size, regardless of their nature (presence notification or control messages). A signaling flow (50) between the network node (21) and the mobile telephone (10B) The dash-dot line (50) represents the signaling flow from the network node (21) to the mobile telephone (10B). As for the dash-dot line (40) only one unidirectional signal flow is represented, according to the direction of the time axis (t) of FIG. 1. Signaling messages (alerts, responses) are sent periodically every P seconds; as already explained, the 'meaningful' messages for communication control (call alert, etc.) are embedded in the continuous periodic flow. In other words, in the absence of the control messages, responses to the presence notification messages are sent from the network node (21) to the mobile telephone (10B). The signaling messages are encrypted using the public key KpubB of the mobile phone (10B). Encrypted signaling messages always have the same size, regardless of their nature (response to presence notification or control messages). A data stream (41) between the mobile telephone (10A) and its corresponding network node (20) The line (41) represents the data flow (voice, SMS, emails, etc.) of the mobile telephone (10A) to its corresponding network node (20). The data stream (41) is not synchronized with the signaling stream (40). In other words, the start of a communication session is done after the flow of a random value counter TA following the signaling message containing the request to trigger said communication session. The data stream (41) is encrypted using a shared key KAB between the sending mobile telephone (10A) and its receiving party (10B). A data flow (51) between the network node (21) and the mobile telephone (10B) The line (51) represents the data flow (voice, SMS, emails, etc.) from the network node (21) to the mobile phone (10B).

The data stream (51) is not synchronized with the signaling stream (50). In other words, the start of a communication session is done after the flow of a random value counter TB following the signaling message containing the triggering alert of said communication session.

The data stream (51) is encrypted using the shared key KAB between the mobile phones (10A) and (10B). A signaling and data stream (60) between the network nodes (20) and (21) The line (60) represents the digital flow (signaling, voice, SMS, emails, etc.) between the network nodes (20). ) and (21). The signaling messages for the control of the communications as well as the content of the latter are incorporated in a high capacity stream allow M simultaneous bidirectional communications between M pairs of mobile phones.

According to the non-limiting example of FIG. 1, M bidirectional communications are interleaved over time using the technique of time division multiplexing (in English, TDM, 'Ms Division Multiplexing'). In the exemplary context of FIG. 1, only the mobile phones (10A) and (10B) exchange signaling messages and the contents of a communication session: The signaling messages (bidirectional) between the mobile phone (10A) and its corresponding network node (20) are exchanged in the time slots (140) The signaling messages (bidirectional) between the mobile telephone (10B) and its corresponding network node (21) are exchanged in the time slots (150) The contents of the communication (monodirectional) between the mobile phone (10A) and its corresponding network node (20) is exchanged in the time slots (141). Note: The content of the communication (monodirectional) between the network node (20) and the mobile phone (10A) is not shown for reasons of simplicity of exposure and drawing.

The content of the (unidirectional) communication between the network node (21) and the mobile telephone (10B) is exchanged in the time slots (151). Note: The content of the communication (monodirectional) between the mobile phone (10B) and its corresponding network node (21) is not shown for reasons of simplicity of exposure and drawing. According to the non-limiting example of FIG. 1, the (M-4) time intervals corresponding to bidirectional communications that remain available on the stream (60) are used to exchange dummy content between the network nodes (20) and (21). Thus, all timeslots available on the high-speed stream (60) are used to transmit either real information or dummy information. Any attempt to interception / spying on the stream (60) implies that all time slots must be decrypted (using as many different keys) before attempting to understand whether they contain real information or information fictitious. Fig. 2 is a non-limiting diagram of one embodiment of a method for setting up secure and anonymous communications according to the invention by means of the system of FIG. 1. According to FIG. 2 schema 30 comprises at least: An electronic entity of the user (10), preferably a mobile phone. The mobile phone (10) hosts an "applet" (15) which: - Contains and manages all the static and dynamic databases and memory areas (such as arrays, buffers, objects, etc.) necessary for the implementation place secure and anonymous communications. - Executes the functionalities allowing any exchange of signaling and data with a corresponding network node (20).

Thus, the applet (15) comprises: A software module (107) dedicated to all the authentication and encryption / decryption operations according to the procedures forming part of a public key infrastructure (PKI) ). The roles and services of the PKI are well known by art experts.

It should be noted that in the context of the invention and in view of its nature the responsible entities that are part of the PKI will be: - Any government or any administration or company that wishes to implement the system and the process according to the 'invention and who will have the role of' certification authority ',' registration authority (certificates), 'filing authority (certificates)'. - Any employee or attach or subcontractor of the said organizations who is authorized to recover the role of 'final entity' (user) The software module executes all the functionalities necessary for: The creation of the private keys of the user.

The generation of public keys KpubA (or KPubB), according to the system of FIG. 1, as well as the certification of these keys. The generation of shared keys KAB, according to the system of FIG. 1. The storage of the shared key KAB once encrypted with the public key KPubA (or KPub13), The storage of the public key KPubS, according to the system of FIG. A software module (108) dedicated to all contact management operations. By way of non-limiting example, each entry in the list of contacts of a user 'A' will contain at least: - The coordinates of a user 3 '(Name, Surname, any other useful field) - A corresponding identity under the form of an alphanumeric string. It should be noted that each establishment of a new signaling connection between the mobile phone (10) and its corresponding network node (20) causes a procedure for encrypting the identity of each user with a new public key KPubS. The encrypted identity associated with each contact is renewed at each new connection between the mobile phone (10) and the corresponding network node (20). A temporary buffer (100) which stores the exchanged content - in transmission and reception - between the mobile phone (10) and the corresponding network node (20). By way of nonlimiting example, in the case of a telephone conversation between the user 'A' and his correspondent 'B' the temporary buffer (100) stores an encrypted RTP frame with the key shared KAB, according to the system of Fig. A server (104) / client pair (102) that transmits the contents of the temporary buffer (100) to an outgoing access interface, preferably according to the UDP protocol. The outgoing access interface is characterized by the IP address 15 of the corresponding network node (20) and a transmission port of the audio content. A server (101) / client pair (103) that transmits the contents of an incoming access interface - preferably according to the UDP protocol - to the temporary buffer (100). The incoming access interface is characterized by the IP address of the corresponding network node (20) and a reception port of the audio content. A client (106) that transmits the signaling messages (presence notification and communications control) to an outgoing access interface, preferably according to the UDP protocol. The outgoing access interface is characterized by the IP address of the corresponding network node (20) and a signaling transmission port. A server (105) that receives responses to signaling messages from an incoming access interface, preferably according to the UDP protocol. The incoming access interface is characterized by the IP address of the corresponding network node (20) and a signaling receiving port. A client (110) / server (109) pair in which: - The client (110) manages the operations of the user interface and informs the server. - The server (109) stores the commands / alerts from / to the user interface and synchronizes them with the activities of the client (106) and the server (105).

A network node (20) which comprises: A software module (209) dedicated to all the authentication and encryption / decryption operations according to the procedures forming part of a public key infrastructure (PKI) '). The software module executes all the functionalities necessary for: - The generation of a private and public key KPubS and the certification of the latter, according to the system of FIG. 1. - The storage of public keys KPUbA (and / or KPub13), according to the system of FIG. A dynamic database (207) in which each element contains temporary information related to each user whose electronic entity has established a signaling connection with the network node (20). By way of non-limiting example, the element of the database (207) in correspondence of the user 'A' will contain: The Internet address of the mobile phone of the user 'A'.

The internet address of the network node in correspondence with the mobile telephone of the correspondent 'B'. - the identity corresponding to the user 'A', in the form of an alphanumeric character string; said identity is encrypted with the public key KPubS, according to the system of FIG. 1. - The identity corresponding to the user 'B', also in the form of an alphanumeric character string and encrypted with the public key KPubS, according to the system of FIG. 1. - The operational status of mobile phone users' A 'and 1: 3'; the concept of operational state will be explained in the following description using a sequence diagram. A server (202) that receives the contents of a communication session from an incoming access interface, preferably according to the UDP protocol. The incoming access interface is characterized by the IP address of the corresponding mobile phone (10) and a content receiving port.

A client (201) that transmits the contents of a communication session to an outgoing access interface, preferably according to the UDP protocol. The outgoing access interface is characterized by the IP address of the corresponding mobile phone (10) and a content transmission port.

It should be noted that, thanks to the dynamic database (207), the network node (20) can route any signaling message to the correspondent 3 'as well as any communication session towards the network node corresponding to the mobile phone of TV. A server (206) that receives the signaling messages (presence notification and communication control) from an incoming access interface, preferably according to the UDP protocol. The incoming access interface is characterized by the IP address of the corresponding mobile telephone (10) and a signaling receiving port. A client (205) that transmits the responses to the signaling messages to an outgoing access interface, preferably according to the UDP protocol. The outgoing access interface is characterized by the IP address of the corresponding mobile telephone (10) and a signaling transmission port. Fig. 3 shows a sequence diagram comprising the steps of the method of setting up a call between the mobile telephone of a user 'A' and that of his correspondent 'B'. In order to simplify the description and the drawing, it is assumed that the mobile telephones (10A) and (10B) are "attached" to the same network node (20). A series of preliminary steps (not shown in Fig. 3) are performed in the "applets" (15) of the mobile phones and in the network node (20). Before describing the preliminary steps and sequence diagram of Figs. 3 It is necessary to introduce the formalism that is used in the PKI context and which is well known by the art experts. 30 Preamble - Formalism We define: K: a key of encryption / decryption; K can represent a public key (for encryption), a private key (for decryption) or a shared symmetric key (for encryption / decryption) M: the clear message C: the encrypted message - E: the encryption function, such that: E (M, K) = C El: the decryption function, such that: El (C, K) = M g, p: the public elements for the Diffie-Hellman key exchange algorithm - a, b: private exponents for the Diffie-Hellman key exchange algorithm Preamble - Preliminary steps In order for users 'A' and 'B' to establish an encrypted and anonymous communication session, it is necessary that respective mobile phones (10A) and (10B) have established a secure connection with a shared key. For this purpose, the following exchange takes place between the "applets" (15) of the telephones (10A) and (10B): The "applet" (15) of the telephone (10A) generates a private exponent and calculates X = <ga> p - X is sent to the telephone (10B) via the network node (20) The "applet" (15) of the telephone (10B) generates a private exponent b and calculates Y = <gb> p Y is sent to telephone (10A) via the network node (20) The "applet" (15) of the telephone (10A) calculates KAB = <ye> p = <gba> p - The "applet" (15) of the telephone (10B) calculates KAB = "b> p = <gab> p KAB is therefore the key shared between the telephones (10A) and (10B).

Sequence diagram according to FIG. The method of anonymous exchange of encrypted data between two mobile terminals is described in a non-limiting embodiment in FIG. 3. The method is based on the UDP protocol.

As already explained, each mobile phone sends a periodic signaling flow: in a non-limiting embodiment, each signaling message consists of: - A notification of presence, in the absence of any action on the part of the user - Control signaling of the communication session, following an action on the part of the user (triggering a call, responding to an incoming call signal, etc.) According to FIG. 3, the time interval between two signaling messages 5 is P seconds. All mobile terminals according to the system use the same period. The network node (20) receives the periodic signaling stream from all the mobile terminals. The terminals are not synchronized with each other: according to FIG. 3, the time difference between the reception of the signaling of the mobile terminal (10A) and that of the mobile terminal (10B) is AP seconds. Following receipt of a signaling message, the network node (20) sends an immediate response to the transmitting terminal, said response being able to be: - An echo when receiving a presence notification 15 - A response / an alert when receiving session control signaling In Fig. 3 the periodic signaling flow is referenced with a dash-dot line; the data stream (audio stream) is referenced with a continuous line. The process described in FIG. 3 comprises the following steps: Step 1a (mobile terminal direction (10A) network node (20) and vice versa) Initial state of the mobile terminal (10A): not attached Signaling message = presence notification: E (Hello) IDA, Kpubs) 25 - A 'Hello' presence notification is sent, containing the corresponding IDA identity to the user 'A'. - The message is encrypted with the public key Kpubs of the network node (20) Note: thanks to the presence notification, the network node (20) knows 30 and updates - if necessary - the IP address of the mobile terminal (10A). Action of the network node (20): sending an encrypted echo with the public key KPubA of the mobile terminal (10A) E (Hello IDA, KpubA) Final state of the mobile terminal (10A): Attached Step 1b (mobile terminal direction (10B) network node (20) and vice versa. Initial state of the mobile terminal (10B): unattached Signaling message = presence notification: E (Hello IDB, Kpubs) A Hello 'presence notification is sent, containing the corresponding IDB identity to the user `F. The message is encrypted with the public key KPubS of the network node (20).

Note: thanks to the presence notification, the network node (20) knows and updates - if necessary - the IP address of the mobile terminal (10B). Also note: there is a time difference between sending (receiving) signaling messages from two mobile terminals. This difference is referenced AP in FIG. 3 Action of the network node (20): sending an encrypted echo with the public key KPubB of the mobile terminal (10B) E (Hello Ms, KPubB) Final state of the mobile terminal (10B): Attached Step 2a (mobile terminal direction (10A) Network node (20)) Initial state of the mobile terminal (10A): Attached Signaling message = Call request: E (Cali IDB, Kpubs) A call request 'Cali' is sent, containing the Identity IDB corresponding to the user 'B' (recipient of the call).

The message is encrypted with the public key KPubS of the network node (20). Note: there is a time difference between the sending (reception) of the signaling messages of step 2a (2b) and step 1a (1b). This difference is referenced P in FIG. 3.

Action of the network node (20) (network node direction (20) -> mobile terminal (10A)): Sending the waiting time notification (P-AP) before the connection is made. This waiting time is random because the terminals are not synchronized temporally. 301 19 9 8 26 E (Wait (P - AP), KpubA) Receiving this notification triggers a timer in the "applet" (15) of the mobile terminal (10A). End state of the mobile terminal (10A): waiting for the audio communication 5 Change in the initial state of the mobile terminal (10B): waiting for the call alert. Step 2b (mobile terminal direction (10B) -> network node (20)). Initial state of the mobile terminal (10B): Attached - waiting for the call alert. 10 Signaling message = Presence notification: E (Hello IDB, Kpubs) A 'Hello' presence notification is sent, containing the corresponding IDB identity to the user 'B'. The message is encrypted with the public key Kpubs of the network node (20). Action of the network node (20) (direction network node (20) mobile terminal (10B)): - Sending a call alert, containing the identity of the caller. E (Cali IDA, KPub13) 20 End state of the mobile terminal (10B): waiting for the audio communication Note: when the alert is received, the mobile phone (10B) does not ring immediately: the alarm is triggered by correspondence of the next signaling message. Step 2c (network node direction (20) mobile terminal (10A)) Network node action (20): Sending a fictitious audio stream instead of the real stream, in order to 'mask' the true beginning of the conversation between the two users. E (Fictitious flow, KpubA) Step 3a (mobile terminal direction (10A) network node (20) and vice versa) Initial state of the mobile terminal (10A): Attached - waiting for audio communication Signaling message = notification presence: E (Hello IDA, Kpubs) Action of the network node (20): Send an encrypted echo E (Hello IDA, KPubA) Final state of the mobile terminal (10A): waiting for the audio communication Step 3b ( local step in the terminals (10A) and (10B) At the sending of the next signaling message from the terminal (10B), the two telephones ring simultaneously: - The terminal (10B) rings following the alert of received call (step 2b) - The terminal (10A) rings when the timer expires (step 2a) Step 3c (mobile terminal direction (10B) -> network node (20) and vice versa). Initial state of the mobile terminal (10B): Attached - waiting for the call alert. Signaling message = presence notification: E (Hello IDB, Kpubs) Network node action (20): sending an encrypted echo E (Hello IDB, KPubB) Final state of the mobile terminal (10B): in communication Note : following step 3c, the mobile terminal (10A) also changes state (in communication) Step 3d (between the two mobile phones (10A) and (10B)) Following step 3b, the two users accept Communication. An audio stream is established between the two mobile phones. In the case of the telephone (10A) the audio stream replaces the hypothetical stream set up by the network node in step 2c.

The audio stream is encrypted with the KAB shared key, calculated by both mobile phones through the Diffie-Hellman procedure explained in the Preamble - Preliminary Steps section. The KAB key is calculated just before setting up the audio communication. Step 4a (mobile terminal direction (10A) -> network node (20) and vice versa) Initial state of the mobile terminal (10A): attached - in communication Signaling message = presence notification: E (Hello IDA, Kpubs ) Action of the network node (20): sending an encrypted echo E (Hello IDA, KpubA) Final state of the mobile terminal (10A): attached - in communication Step 4b (mobile terminal direction (10B) -> network node (20)) Initial state of the mobile terminal (10B): attached - in communication Signaling message = request to cut the call (following the hook-up by the user `B '): E (Release, Kpubs) Action of the network node (20) (network node direction (20) -> mobile terminal (10B)): sending an encrypted echo.

E (Release, KpubB) End state of the mobile terminal (10B): Attached Step 4c (Actions of the network node (20)): - The audio channels between the network node (20) and the two mobile phones are down. - (network node direction (20) mobile terminal (10A)) sending a fictitious audio stream instead of the real stream, in order to 'hide' the true end of the conversation between the two users. E (Fictitious Flow, KpubA) Note: The end state of the mobile terminal (10A) becomes: attached - waiting for channel release. Step 5a (mobile terminal direction (10A) -> network node (20)). Initial state of the mobile terminal (10A): Attached - waiting for release of the channel. Signaling message = presence notification: E (Hello IDA, Kpubs) Network node action (20) (network node direction (20) -> mobile terminal (10A)): - Sending a channel release request . E (Release, KpubA) End state of the mobile terminal (10A): Attached. Step 5b (mobile terminal direction (10B) -> network node (20) and vice versa) Initial state of the mobile terminal (10B): Attached Signaling message = Presence notification: E (Hello IDB, Kpubs) Action of the node network (20): sending an encrypted echo E (Hello IDB, KPubB) Final state of the mobile terminal (10B): attached.

Step 6a (mobile terminal direction (10A) -5 network node (20) and vice versa) Initial state of the mobile terminal (10A): Attached Signaling message = Presence notification: E (Hello IDA, Kpubs) Action of the node network (20): sending an encrypted echo E (Hello IDA, KPubA) Final state of the mobile terminal (10A): attached. Step 6b (mobile terminal direction (10B) -> network node (20) and vice versa) Initial state of the mobile terminal (10B): Attached Signaling message = Presence notification: E (Hello IDB, Kpubs) Etc. etc.

It should be noted that the network node (20) resynchronizes the signaling flows and data between the two mobile phones. In this way, a correction of the jitter of the two mobile phones is performed, thus rendering inoperative any attack based on the analysis of timings.

Sequence diagram according to Fiq. The method of anonymous exchange of encrypted data between two mobile terminals is described later in a non-limiting embodiment in FIG. 4, which shows an SMS exchange between users 'A' and 'B'. In FIG. 4 the periodic signaling flow is referenced with a dash-dot line; the data flow (SMS) is referenced with a continuous line. As already explained in FIG. 3, the network node (20) receives the periodic signaling stream from all mobile terminals (dash-dot line).

The same conventions and the same symbols referenced in FIG. 3 also apply in FIG. 4. The process described in FIG. 4 comprises the following steps (only the differences with respect to the corresponding steps of Fig. 3 are explained): Step 2a (mobile terminal direction (10A) -> network node (20)) Initial state of the mobile terminal (10A): Attached Signaling message = request to send an SMS: E (SMS IDB, Kpubs) An 'SMS' request is sent, containing the corresponding IDB identity to the user 'B' (SMS recipient). The message is encrypted with the public key Kpubs of the network node (20). Action of the Network Node (20) (Network Node Direction (20) Mobile Terminal (10A)): Sending the Wait Time Notification (P-AP) before sending the SMS. This waiting time is random because the terminals are not synchronized temporally. E (Wait (P - LIP), KpubA) Receipt of this notification triggers a timer in the "applet" (15) of the mobile terminal (10A). End state of the mobile terminal (10A): waiting for the sending of the SMS Change in the initial state of the mobile terminal (10B): waiting for the SMS alert.

Step 2b (mobile terminal direction (10B) network node (20)). Initial state of the mobile terminal (10B): Attached - waiting for the SMS alert. Signaling message = presence notification: E (Hello IDB, Kpubs) Network node action (20) (network node direction (20) -> mobile terminal (10B)): - Sending an SMS alert, containing the identity of the issuer. E (SMS IDA, KPub13) End state of the mobile terminal (10B): waiting for the reception of the SMS Step 2c (direction network node (20) -> mobile terminal (10A)) Action of the network node (20): - Sending a fictitious data stream in place of the actual SMS communication, in order to 'hide' the actual sending of the SMS from the mobile terminal (10A).

E (Fictitious flow, KpubA) Step 3a (mobile terminal direction (10A) network node (20) and vice versa) Initial state of the mobile terminal (10A): Attached - waiting for the sending of the SMS Signaling message = presence notification: E (Hello IDA), Kpubs) Action of the network node (20): Send an encrypted echo E (Hello IDA), KpubA) Final state of the mobile terminal (10A): Attached - waiting for the sending the SMS Step 3b (local step in the terminals (10A) and (10B)) When the next signaling message is sent by the terminal (10B), the two telephones simultaneously emit an audible signal: - The terminal (10B) issues a received SMS alert - The terminal (10A) transmits a sent SMS notification upon expiry of the timer Step 3c (mobile terminal direction (10B) network node (20) and vice versa). Initial state of the mobile terminal (10B): Attached - waiting for the call alert. Signaling message = presence notification: E (Hello IDB, Kpubs) Network node action (20): sending an encrypted echo E (Hello IDB, KpubB) Final state of the mobile terminal (10B): receiving the SMS A note: following step 3c, the mobile terminal (10A) also changes state (SMS transmission) Step 3d (between the two mobile phones (10A) and (10B)) Following step 3b a flow of Data (SMS) is established from the mobile phone (10A) to the telephone (10B). The SMS is encrypted with the KAB shared key, calculated by both mobile phones through the Diffie-Hellman procedure explained in the Preamble - Preliminary Steps section. The KAB key is calculated just before sending the SMS. Step 4a (mobile terminal direction (10A) -> network node (20) and vice versa) Initial state of the mobile terminal (10A): Attached 10 Signaling message = Presence notification: E (Hello IDA, Kpubs) Action of the network node (20): sending an encrypted echo E (Hello IDA), kPubA) Final state of the mobile terminal (10A): attached 15 Step 4b (mobile terminal direction (10B) -> network node (20) ) Initial state of the mobile terminal (10B): Attached Signaling message = request to send an SMS (the user 'B' answers to his correspondent): E (SMS IDA, Kpubs) 20 Action of the network node ( 20) (network node direction (20) -> mobile terminal (10B)): - Send the waiting time notification (P-AP) before sending the SMS. E (Wait (P-AP), kPubB) Receipt of this notification triggers a timer in the "applet" (15) of the mobile terminal (10B). Sending a fictitious data stream instead of real SMS communication, in order to 'hide' the actual SMS sending from the mobile terminal (10B).

30 E (Hypothetical flow, kPubB) Final state of the mobile terminal (10B): waiting for the sending of the SMS Change of state of the mobile terminal (10A): waiting for the reception of the SMS. Step 5b (local step in the mobile telephones (10A) and (10B)) At the sending of the next signaling message from the terminal (10A), the two telephones simultaneously emit an audible signal: - The terminal (10A) sends a received SMS alert - The terminal (10B) transmits an SMS notification sent, upon expiration of the timer Step 5d (between the two mobile phones (10A) and (10B)) Following step 5b a flow of data (SMS) is established from the mobile phone (10B) to the telephone (10A). The SMS is encrypted with the shared key KAB, already calculated in step 3d.10 GLOSSARY AND ABBREVIATIONS USED 3G: "Third Generation", generation of mobile telephony standards. It is mainly represented by the Universal Mobile Telecommunications System (UMTS) and CDMA2000 standards, allowing much faster speeds (from 2 to 42 Mb / s) than with previous generations ('2G', '2,5G') 4G: "Fourth Generation", the successor of 2G and 3G. It allows "very mobile broadband", that is to say data transmissions at theoretical speeds greater than 100 Mb / s, or even greater than 1 10 Gb / s. Applet: Software hosted by an operating system that functions as a normal software application, but performs a small set of tasks. Object: symbolic container, which has its own existence and incorporates information and mechanisms related to a tangible thing of the real world; an object is manipulated in a computer program such as an applet. PKI: Public Key Infrastructure (PKI), set of physical components (computers, hardware or software cryptographic equipment), human procedures (checks, validation) and software (system and application) to manage the lifecycle of digital certificates or certificates. RSA: "Rivest Shamir Adelman" (named by the initials of his three inventors), asymmetric cryptographic algorithm: he uses a pair of keys (integers) consisting of a public key to encrypt and a private key for decrypting RTP confidential data: Real-time transport protocol, a transport computer protocol for real-time (simulated) broadcast over Internet networks 30 TDM: Time Division Multiplexing, digital multiplexing technique enabling digital multiplexing a transmitter to transmit a plurality of low bit rate digital channels (voice, data, video) on the same higher speed communication medium by interleaving samples of each of these UDP channels: "User Datagram Protocol", protocol which allows the transmission of data in a very simple way between two entities, each being defined by an IP address and a number of Harbor. Unlike the TCP protocol, the UDP protocol works without negotiation: there is no connection procedure prior to sending the VLL data: "Virtual Leased Line", means that provides a point-to-point connection on a IP network. VPN: "Virtual Private Network", an inter-network connection allowing to link two different local networks by a so-called tunnel protocol. WiFi: "Wireless Fidelity", a set of wireless communication protocols governed by the IEEE 802.11 group standards, referring to a wireless local area network. WiMAX: Worldwide Interoperability for Microwave Access is a wireless communication standard. Today mainly used as a mode of transmission and access to broadband Internet, covering an extensive geographical area.

Claims (5)

REVENDICATIONS1. The present invention relates to a system for exchanging data securely and anonymously between two users, said data being transmitted by means of user programmable electronic entities and computer machines in the Internet network; said confidential data being in particular in the form of voice or SMS type information or emails; Said programmable electronic entities of the users being characterized in that they comprise: a dedicated software module intended to: generate a periodic stream of signaling messages, each message being a presence notification containing the user's identity; o Manage the sending of said periodic stream of signaling messages from the programmable electronic entity of the user to a computer machine in the Internet network, each signaling message being encrypted by the user's programmable electronic entity and decrypted by the computer machine in the internet network, the encryption and decryption being done according to an asymmetric encryption algorithm o Manage the reception of the replies in correspondence of said signaling messages, each response being sent by the computer machine in the Internet network using said 25 asymmetric encryption algorithm o Following a action of the user, replace a presence notification contained in the periodic flow of signaling messages by a control message for the exchange of secure and anonymous data 30 o Organize any encrypted signaling message - is it a notification message presence or a control message - according to computer packages that are always the same size; Said computer machines in the Internet network (also called 'network nodes') being characterized in that they comprise: - A dedicated software module intended to: o Generate a periodic stream of signaling messages, each message being a response to a notification presence of a user programmable electronic entity and containing its identity o Manage the sending of said periodic flow of signaling messages to the user's programmable electronic entity, each signaling message being encrypted according to an algorithm of Asymmetric encryption o Following the receipt of a message setting up or terminating an exchange of secure and anonymous data, the sending to the programmable electronic entity of the user of the notification of a time of random waiting before setting up or terminating said exchange of data. 2. System according to claim 1, characterized in that it comprises: A set of electronic entities, each entity belonging to a corresponding user and characterized in that it comprises a dedicated software module which comprises: a software module for managing and storing two security keys, the first key being the public key of the corresponding network node, said public key enabling the encryption of a periodic stream of signaling messages sent to said corresponding network node; the second key being shared with another electronic entity belonging to another user in case of establishment of a data connection between the two electronic entities - A software module for managing the list of contacts of the user, each contact characterized by an identity in the form of an alphanumeric character string - A software module for managing the user interface, said module for interpreting the user's actions, such as commands or responses to alerts, and construct the corresponding signaling message, so that it is incorporated in the periodic flow of signaling messages exchanged with said corresponding network node A set of network nodes, each network node being defined as 'corresponding network node' of an electronic entity with which it has a logical interconnection and characterized in that it comprises: - A first base of d static data, containing the identity of each user of the system, said identity having the form of an alphanumeric character string - A second dynamic database, associated with the first database and containing the temporary information of each user whose electronic entity has established a signaling connection with its corresponding network node, said temporary information comprising: o The identity of the user, encrypted with the public key of the corresponding network node o The Internet address of the network node corresponding to each entity electronic system o A high capacity data stream between each pair of network nodes of the set, said stream allowing M simultaneous bidirectional communications. 3. System according to claims 1 and 2, characterized in that the M simultaneous bidirectional communications that constitute the high capacity data stream between each pair of network nodes are interleaved in time using the time division multiplexing technique, the M intervals. time corresponding to said bidirectional communications are used to permanently exchange content between each pair of network nodes, said content consisting of: - Any signaling message between the electronic entities and their corresponding network nodes - Any communication of data between pairs of nodes Electronic entities - A fictitious data flow corresponding to all electronic entities that do not have a data communication in progress System according to claims 1, 2, 3, characterized in that any signaling message exchanged between an electronic entity and its corresponding network node, as well as any exchange of content between two electronic entities through their corresponding network nodes, as well as any fictitious data flow between each pair of network nodes is done via the UDP protocol of the Internet networks. 5. A method for the secure and anonymous exchange of data between two users, said data being transmitted by means of programmable electronic entities and computer machines in the Internet network; said confidential data being in particular in the form of voice or SMS type information or emails; said computer machines in the internet network being referenced as 'network nodes'; each programmable electronic entity having a logical interconnection with a so-called 'corresponding' network node, which is part of the set of network nodes, characterized in that it comprises: The following initial steps: - The selection of the corresponding network node of the part of the programmable electronic entity of the user - The exchange of so-called 'public' keys between the user's programmable electronic entity and the corresponding network node - The storage of the internet address of the network node corresponding to each an electronic entity of the system in a dynamic database of each network node, said dynamic database being associated with a corresponding static database, containing the identity of each user of the system, said identity having been encrypted by the electronic entity programmable with the public key of the corresponding network node- The triggering of a periodic flow of messages of signalis ation, each message being a presence notification sent by the electronic entity of the system to the corresponding network node, said presence notification containing the `Hello 'header and the identity of the user; said signaling message being encrypted with the public key of the corresponding network node; said encrypted signaling message always having the same size - The triggering of a periodic stream of signaling messages, each message being a response to the presence notification, said response being sent by the corresponding network node and containing the header `Hello 'and the identity of the user; said signaling message being encrypted with the public key of the corresponding electronic entity; said encrypted signaling message always having the same size The following steps for the management of said periodic signaling message flow, said management comprising the actions of establishment, acceptance / rejection and interruption of the communication: detection actions of the user by the programmable electronic entity, said actions comprising the commands for establishing, accepting / rejecting and interrupting the communication 20 - The construction of the signaling messages by the programmable electronic entity, in according to the actions of the user and according to the following correspondences: o A message of the type 'Cali' or `SMS 'or Send', followed by the identity of the recipient is generated following a call establishment action , send an SMS or send an email o A message of type 'Accole or Reject is generated following an action of acceptance / rejection of a call or an SMS or an email, said action of accept tation / rejection following an alert sent to the user's programmable electronic entity from the corresponding network node o A 'Release' type message is generated following an interruption action of a call-L sending said signaling messages by the programmable electronic entity, by incorporating the signaling messages into the periodic stream of presence notification messages according to the description of the initial steps of the method; said incorporation being done by replacing the expected presence notification message with the next time sample by said signaling message; said signaling message being encrypted with the public key of the corresponding network node; said encrypted signaling message always having the same size - The detection by the corresponding network node of the signaling messages from the sending electronic entity and the consequent generation of the response messages to the transmitting electronic entity and / or messages alert to the recipient electronic entity according to the following correspondences: o A message of type 'Mir, followed by a random waiting time is generated and sent to the transmitting electronic entity following receipt of a message of the type 'Cali' or 'SMS' or 'Send' from the latter o A message of the type 'Cali' or 'SMS' or Send ', followed by the identity of the issuer is generated and sent to the entity electronic recipient following the receipt of a `Hello 'type message from the latter o A message of type` Accept or `Reject is generated and sent to the electronic entities (issuer and recipient) more upon receipt of a message of type `Accept or` Rejece o A message of type 'Release' is generated and sent to the electronic entities (issuer and recipient) following receipt of a message of type 'Release' - L ' sending said signaling messages by the corresponding network nodes to respectively the sending and receiving electronic entity, by incorporating the signaling messages into the periodic flow of the responses to the presence notification messages according to the description of the initial steps of the method; said incorporation being done by replacing the response to the presence notification message provided to the next time sample by said signaling message; said signaling message being encrypted with the public key of the corresponding electronic entity (issuer and recipient); said encrypted signaling message always having the same size The following steps for managing the release / release of the communication data flows as well as for routing said flows between two programmable electronic entities (a transmitter, a recipient): A message of type 'This or `SMS' or` Send 'sent by the programmable electronic entity triggers a timer in the latter, the timer expiring after a random duration whose value is received from the corresponding network node by means of a Wei message (- sending a dummy data stream from the corresponding network node to the programmable electronic entity transmitting the message 'Cali' or `SMS 'or` Send', said dummy stream being triggered upon receipt of said message message, the duration of said fictitious flow corresponding to the random duration of said timer - the exchange of communication data between two entities programmable signals as soon as said timer expires, each programmable entity exchanging the communication data with its corresponding network node; the two corresponding network nodes relaying the data flows between the two programmable electronic entities by means of a dynamic routing table which enables the corresponding network node of the sending electronic entity to know the IP address of the network node corresponding to the electronic entity recipient ; said data stream being organized in packets, each packet being encrypted with a key shared between the electronic entities (issuer and recipient); said encrypted packet always having the same size - A 'Release' type message sent by the transmitting programmable electronic entity triggers the stop of data flows between; on the one hand the transmitting electronic entity and its corresponding network node as well as between the destination electronic entity and its corresponding network node; on the other hand, the two network nodes corresponding to the two electronic entities (transmitter, recipient) - Said 'Release' message sent by the transmitting programmable electronic entity also triggers the sending of a fictitious data stream of the network node corresponding to the recipient electronic entity to the latter; said fictitious data stream being interrupted by a 'Release' type message sent to the destination electronic entity of the corresponding network node in response to the next presence notification message from said recipient electronic entity