FR3085503A1 - SECURE METHOD AND SYSTEM FOR DELAYED SHARING OF DATA BETWEEN SEVERAL TRANSMITTING USERS AND A RECIPIENT USER, WITH TIMERING ON BLOCKCHAIN. - Google Patents

Abstract

Method for sharing files (2) between N users (Ai) and a recipient user (B), which comprises three phases: - Writing: ○ Create, in a file server (5), on the initiative of a user (A1) master transmitter, a data container (6) associated with user B; ○ During a writing delay (T1), allow each sending user (Ai) write access to the container (6); Archiving: ○ At the end of the writing period (T1), prohibit each user (Ai) sending access to the container (6); ○ Encrypt the data of the container (6) using the public key (ZB) of the recipient user (B); ○ During an archiving delay (T2) controlled by interrogating a blockchain, store the encrypted container (6B) in a file server (5); - Sharing: allow the recipient user (B) to download the encrypted container (6B) in order to decrypt it using his private key (BZ).

Description

Secure method and system for delayed data sharing between several sending users and one receiving user, with time stamp on blockchain

The invention relates to the field of computing, and more specifically to the sharing of computer data files between several sending users and one receiving user.

The term “user” is used here to designate a communicating device (in English “user device”), typically a smartphone, a tablet, or more generally a computer, for example. a portable or fixed computer or a workstation capable of connecting, via a local computer network (LAN), metropolitan (MAN) or extended (WAN, typically the Internet), to a remote server, the term "server ”Designating here a physical unit or, in a virtualization framework, a computing and / or memory space allocated within a physical unit and on which an operating system or an operating system emulation is running.

However, it is understood that an actual user (that is to say a natural or legal person) who carries out operations using this device is associated with such an electronic client device.

The use of computer networks is quite widespread today, especially for data sharing.

There are various types of systems for sharing data.

Mailbox-type e-mails, which work asynchronously, allow user A (sender) to address user B (recipient) a message containing information that can be included in the body of the message itself , or as attached files.

In an electronic messaging system, the message delivery time depends essentially on the bandwidth (availability) of the network connecting the sending and receiving users, and on the memory size of the message, including its any attachments.

Quite often, routing takes a few seconds. The recipient can then open and read the message from the sender whenever they want.

LAP B010 FR

At the time of writing, e-mail is limited in size to the messages sent, usually around ten megabytes (MB).

In addition, electronic messaging does not allow several users to group together to send a message to a recipient.

To exchange data of large volume (that is to say of size greater than 10 MB) approximately, or to allow several sending users to share data with a recipient user, it has become usual to use specialized platforms , eg. DropBox (registered trademark).

In principle, these platforms aim to allow permanent access to a private memory space on which files are stored, for any user identified as having the right to it.

Hacking files involves either unauthorized access to this memory space, or the theft of the identity of a user with access rights.

These platforms are easy to use but nevertheless meet limits with regard to data security. In particular, identity theft is very effective in accessing data immediately, and - in general - both read and write.

There therefore remains a need to share computer data files between users, with a higher degree of security, while preserving a certain simplicity of use.

To this end, it is proposed, firstly, a method of sharing computer data files between N (N an integer, N> 2), sending users and a recipient user, via a computer system equipped:

From a communication server,

At least one file server, and

A profile database containing profiles associated with users respectively, each profile comprising at least one identifier and at least one public cryptographic key to which a private key corresponds;

LAP B010 FR

A control unit, connected to the communication server, the file server and the database;

This process comprising, at the system level, three successive phases:

A writing phase, which includes the operations of:

o Receive from a master sending user a request containing an instruction to create a data container to share, an identifier for each sending user (other than the master sending user) and an identifier for the receiving user;

o Create the container in a file server;

o Associate the container with the corresponding profile in the database with the recipient user;

o Associate the container with a predetermined writing period;

o As long as the writing time has not expired, allow each sending user write access to the container;

An archiving phase, which includes the operations of:

o At the end of the writing period, prohibit sending users from accessing, at least in writing, the container;

o Encrypt the container using the public key of the recipient user to form an encrypted container;

o Associate the encrypted container with a predetermined archiving period;

o Store the encrypted container in a file server by prohibiting access to at least the recipient user;

o Periodically repeat the following verification sequence:

a) Select a block in a computer register made up of a block chain, each having time stamp data;

b) Extract the timestamp data from the selected block;

c) Determine, from this timestamp data, a current date;

o As long as the archiving period is before the current date, repeat the verification sequence while maintaining the storage of the encrypted container;

LAP B010 FR

A sharing phase, which includes the operation consisting, as soon as the archiving period is equal to or later than the current date, to allow the recipient user to download the encrypted container in order to decrypt it using of his private key.

Various additional characteristics can be provided, alone or in combination. So, for example:

The writing delay can be defined by the master sending user or automatically.

Likewise, the archiving period can be defined by the master sending user or automatically.

Advantageously, provision is made for the reception, by the communication server, of a notification of decryption of the container by the recipient user. In this case, provision is also made, preferably, for the destruction of the encrypted container on the file server after receipt of the decryption notification by the recipient user.

The container is advantageously subdivided into several own memory spaces, each allocated to a respective sending user. In this case, access by a sending user to the memory space of another sending user is preferably prohibited.

Secondly, a computer system is proposed which, for implementing the method as presented above, comprises:

A communication server,

At least one file server, and

A database of profiles containing in memory profiles associated respectively with the users, each profile comprising at least one identifier and at least one public cryptographic key to which a private key corresponds,

This system further comprising a control unit comprising a programmable memory containing instructions for operating:

A writing phase, which includes the operations of:

o Receive from a master sending user a request containing an instruction to create a data container to share, an identifier for each user

LAP B010 FR sender (other than the master sender user) and an identifier of the recipient user;

o Create the container in a file server;

o Associate the container with the corresponding profile in the database with the recipient user;

o Associate the container with a predetermined writing period;

o As long as the writing time has not expired, allow each sending user write access to the container;

An archiving phase, which includes the operations of:

o At the end of the writing period, prohibit sending users from accessing, at least in writing, the container;

o Encrypt the container using the public key of the recipient user to form an encrypted container;

o Associate the encrypted container with a predetermined archiving period;

o Store the encrypted container in a file server by prohibiting access to at least the recipient user;

o Periodically repeat the following verification sequence:

a) Select a block in a computer register made up of a block chain, each having time stamp data;

b) Extract the timestamp data from the selected block;

c) Determine, from this timestamp data, a current date;

o As long as the archiving period is before the current date, repeat the verification sequence while maintaining the storage of the encrypted container;

A sharing phase, which includes the operation, as soon as the archiving period is equal to or later than the current date, to allow the recipient user to download the encrypted container in order to decrypt it using his private key.

Other objects and advantages of the invention will emerge in the light of the description of an embodiment, given below with reference to the appended drawings in which:

FIG.1 is a synthetic diagram of a computer system illustrating the writing phase of a method according to the invention;

LAP B010 FR

FIG.2 is a diagram similar to FIG.1, illustrating the archiving phase;

FIG.3 is a diagram similar to FIG.1, illustrating the sharing phase;

FIG.4 is a diagram illustrating different stages of the process of the invention;

FIG.5 is a diagram illustrating the extraction of a timestamp data from a blockchain.

In FIG. 1 to FIG. 3 is shown a computer system 1, intended to allow the sharing of files 2 of computer data between N sending users Ai (where N is an integer such that N> 2 and i an integer such as 1 <i <N) and a recipient user B. The term "user" here designates, specifically, an electronic device, such as a smartphone, a computer, a tablet, and provided with a communication interface (wired or wireless) through which this device is capable of connecting to a remote server, via a local (LAN), metropolitan (MAN) or wide area network (WIDE, such as the Internet). It is understood, however, that, by extension, the term "user" indirectly designates one (or more) real user (s) (for example a natural or legal person) associated with this device.

The computer system 1 comprises, first of all, a communication server 4, programmed to be able to establish communication sessions (preferably secure) with users (in particular users Ai and B).

The computer system 1 comprises, secondly, a file server 5, on which directories or "containers" 6 of data files to be shared can be created. In these containers can be created, deposited, copied, pasted, deleted, modified, 2 data files of any type, eg. files from office applications (eg word processing, spreadsheet), sound, image, or video files.

The computer system 1 comprises, thirdly, a profile database 7 which contains profiles PAi, PB of users in memory. In this case, the database contains at least one

LAP B010 FR PAi profile associated with each sending Ai user, and a PB profile associated with the receiving user B.

Each PAi, PB user profile includes at least one IDAi, IDB identifier linked to the corresponding user (eg a name, an e-mail address, a telephone number) and at least one public cryptographic ZAi, ZB key.

This public cryptographic key ZAi, ZB corresponds to a private cryptographic key AiZ, BZ.

The key AiZ, private cryptographic BZ associated with each sending user Ai or, respectively, with the receiving user B, is stored locally in a respective memory space thereof.

The computer system 1 comprises, fourthly, a control unit 8, connected to the communication server 4, to the file server 5 and to the database 7. The control unit 8 comprises at least one processor and a programmable memory. The control unit 8 is programmed to control the communication server 4, the file server 5 and to administer the database 7.

The control unit 8 (and more precisely its memory) includes instructions for carrying out operations grouped in several successive phases.

A first phase, called writing, includes the operations of:

o Receive from a user A1 master transmitter a request containing an instruction to create a container 6, an identifier IDAi (i> 2) of each other user Ai (i> 2) transmitter, and an identifier IDB of l user B recipient;

o Create container 6 in a file server 5;

o Associate the container 6 with the profile associated with user B in the database 7;

o Associate with container 6 a predetermined writing delay T1;

o As long as the T1 writing delay has not expired, allow each sending user Ai write access to container 6.

In practice, the user A1 master transmitter sends to the computer system 1, via the network 3, the request to create the container 6. This request passes through the communication server 4, which performs the identity checks of the user A1 master transmitter,

LAP B010 FR typically by comparing information communicated by it (eg a password) with information associated with its IDA1 profile as stored in the database 7. As soon as the user A1 master transmitter is identified, access is given to him (possibly by another communication channel, as illustrated in FIG. 1) to the file server 5.

The system 1 verifies that the IDAi identifiers (i> 2) communicated by the user A1 master transmitter effectively correspond to stored user profiles PAi.

Therefore, during the writing phase, each sending user Ai is authorized to modify the container 6 by adding or subtracting from it data files 2. These data files 2 can come from each terminal Ai itself, or be downloaded from remote servers via the network 3.

The writing delay T1 (shown diagrammatically in the drawings by a first countdown) can be defined by the master user A1, or automatically by the control unit 8. The T1 writing delay is advantageously implemented within the computer system 1, e.g. and more precisely in the control unit 8.

According to an advantageous mode illustrated in FIG.4, the container 6 is subdivided into several spaces 6.i own memories, each allocated to a respective user Ai transmitter - that is to say that the data files 2 deposited by each Sender user Ai in its own memory space 6.i do not affect the data files 2 deposited by another sending user Aj (j an integer such as j ψ i) in its own memory space 6.j

It is even preferable for access (read and / or write) by a sending Ai user to a space 6.j own memory allocated to another sending Aj user to be prohibited.

A second phase, called archiving, includes the operations of:

o At the end of the T1 writing period, prohibit each sending user Ai access, at least in writing, to container 6;

o Encrypt container 6 using the public ZB key of recipient user B to form an encrypted container 6B;

LAP B010 FR o Associate with the encrypted container 6B a predetermined T2 archiving time;

o As long as the T2 archiving period has not expired, store the encrypted container 6B in a file server 5 by prohibiting access to it at least to the recipient user B.

The T2 archiving period (shown schematically in the drawings by a second countdown) can be defined by the A1 master user, or automatically. The T2 archiving period is advantageously implemented within the IT system 1, e.g. by means of an internal clock controlled by (or integrated into) the control unit 8.

The T2 archiving period is advantageously greater than one hour. It is preferably greater than one day. It can reach a month or even one or more years.

The control of the expiration of the T2 archiving period is carried out by interrogation of a computer register made up of a block chain or blockchain 9 (according to English terminology).

For the purposes of this application, blockchain 9 is a computer register containing data subdivided into blocks 10 (or blocks) linked together, each containing:

A body 11 comprising digital signatures of transactions (that is to say of data exchanges) passed between users,

A header 12 containing metadata including:

o A serial number, or rank, or height, which is in the form of an integer which designates the position of block 10 within blockchain 9 in ascending order from an initial block 10 bearing the number zero or the number one (as in the example illustrated in FIG. 5) and called the genesis block (Genesis Block in English);

o A digital fingerprint of the data in block 10;

o The digital fingerprint (called pointer) of the previous block 10;

o Timestamp or timestamp data, which can be in the form of a date (including year, month and day, for example in YYYY-MM-DD format) or a number corresponding to the number seconds since a reference date or "Epoch" - eg. 1 ^st January 1970 for systems

LAP B010 FR operating under the UNIX operating system (registered trademark).

The digital fingerprint of each block 10 is in the form of a character string, typically 64 characters coded in hexadecimal base (each of which can take any value from 0 to f), which in binary corresponds to a string of 256 bits (each having the value 0 or the value 1).

The value of the digital fingerprint depends on the data in block 10: the slightest modification of the data in block 10 results in the modification of the digital fingerprint.

According to a particular embodiment, the digital fingerprint of each block is a digest (or condensate, or hash) of the data of block 10, that is to say the result of a hash function applied to the data of the block (including body 11 and header 12 with the exception of the digital fingerprint itself). The hash function is typically SHA-256. In FIG.5, the fingerprint is designated by the term "Hash".

For a given block 10 of rank N (N an integer), the pointer ensures an unalterable link with the previous block 10 of rank N-1 (cf. FIG. 5). Indeed, any modification of the data of block 10 of rank N-1 would lead to the modification of its fingerprint, and therefore to a lack of correspondence between this (modified) fingerprint of block 10 of rank N-1 and the pointer stored among the metadata for block 10 of rank N.

The succession of blocks 10 linked together in pairs by correspondence of the pointer of a given block 10 of rank N with the digital imprint of the preceding block 10 of rank N-1 therefore constitutes a chain of correlated blocks, in which the lesser modification of the data of a block 10 of rank N-1 results in a break in the link with the next block 10 of rank N - and therefore the break of the blockchain 9.

It is this particular structure that gives the data contained in blockchain 9 - in particular time stamp data - the reputation of immutability.

The blockchain 9 is stored on a peer-to-peer network 13 composed of a plurality of nodes 14 (each formed by one or

LAP B010 FR several computers, or one or more servers) which together form a distributed database.

More specifically, the blockchain 9 is stored on this distributed database by being replicated on each node 14. On each node 14 is implemented a computer protocol (eg Bitcoin or Ethereum, registered trademarks) for participation in the development of the blockchain 9.

This protocol, called "blockchain protocol", includes a calculative process of periodically adding a new block 10 of rank N + 1 to blockchain 9 already containing a number N of blocks 10.

This process implements a block validation mechanism 10 by consensus between all or part of the nodes 14.

One possible mechanism, known as proof of work (PoW), consists in putting nodes 14 into competition with regard to their computing power, by imposing on them a computational constraint, called difficulty, which typically occurs in the form of a maximum numerical value not to be exceeded.

To overcome the difficulty, each node 14 repeatedly performs a computation of digest (or hash) of the data of block 10 by adding beforehand to this data a variable (called nonce) which is modified at each iteration as long as the result of the calculation is not less than the difficulty imposed.

A particularity of hash functions, notably SHA-256, is their non-recursion, that is to say the fact that two successive iterations of the calculation from close initial data (here differentiated by the only increment of the nonce) produces decorrelated results, which makes it impossible to converge successive iterations of the calculation towards the objective (a value of digest or hash less than the difficulty).

The first node 14 overcoming the difficulty (that is to say producing a digest or hash less than the difficulty) is declared the winner and takes away a bonus (or incentive), generally in the form of a predetermined payment in cryptographic currency or cryptocurrency (currently 12.5 bitcoins in the Bitcoin blockchain).

The victorious node 14 then communicates to the other nodes 14 the nonce which has made it possible to overcome the difficulty. The other nodes 14 verify themselves the correctness of the computation carried out by the node 14

LAP B010 FR winner and, noting that the difficulty is effectively overcome, validate the new block 10 of rank N + 1 by adding it, each, to the existing blockchain 9 which is thus incremented by one.

The timestamp of this block 10 of rank N + 1 corresponds, to a few seconds or a few minutes, to the date and the current time at which the addition is made, typically based on the local clock of the node 14 winner (which can be synchronized with the local clocks of the other nodes 14), or, when for example the nodes 14 are not synchronized, on the basis of a clock datum corrected by adding, to the time provided by the local clock of the winning node 14, the mean time difference (which may be negative) of this clock with those of the other nodes 14.

Once block 10 of rank N + 1 inserted in blockchain 9, blocks 10 of lower rank are secure against malicious alterations, especially since their rank number is low in front of N + 1.

In particular, the insertion of block 10 of rank N + 1 secures block 10 of rank N, and in particular its timestamp, which can therefore serve as a time reference.

Thus, it is possible to query blockchain 9 to extract reliable time data from which we can at least deduce the current date.

More specifically, the blockchain 9 query includes the periodic repetition of the following verification sequence:

a) Select a block (eg block 10 of rank N in blockchain 9 comprising at least N + 1 blocks 10);

b) Extract the timestamp from the selected block 10 (here block 10 of rank N);

c) Determine, from this timestamp, a current date (which includes at least the current day, but also, if applicable, also the current time).

When the timestamp includes in itself the current date, in YYYY-MM-DD format (possibly supplemented by the current time in HH: MM: SS format), this date is retained by system 1.

When the timestamp is in the form of the number of seconds since a reference date (eg Epoch), the

LAP B010 FR system 1 is programmed to calculate the current date from this number.

As long as the T2 archiving period is earlier than the current date thus determined, this verification sequence is repeated while the storage of the encrypted container (6Bk) is maintained.

In other words, the T2 archiving period is decreed not expired until it has been reached or exceeded by the current date from the interrogation of the blockchain 9.

The advantage of using blockchain 9 is that the timestamps in blocks 10 are very difficult to alter - and therefore very reliable. It follows that the time data determined from blockchain 9 is also very reliable, even more than a time data from a server, typically from a time server (or NTP server, this acronym being from the 'English Network Time Protocol), which although reputed to be reliable, remains susceptible to attacks, including denial of service.

According to a preferred embodiment, the control unit 8 is devoid of instructions for communicating to the recipient user B, during the archiving phase, the very existence of a container 6 or of an encrypted container 6B to its attention, so that the real user (or real users) associated with user B recipient is (are) kept (s) in ignorance of this existence.

The T2 archiving period is declared expired when it has been exceeded by the current date resulting from the interrogation of blockchain 9.

Therefore, a third phase, called sharing, includes the operation consisting, at the end of the T2 archiving period, in allowing the recipient user B to download the encrypted container 6B with a view to decrypting it on using his private BZ key.

In practice, the control unit 8 is, for example. programmed to send the recipient user B (in particular via the communication server 4) a notification of availability of the encrypted container 6B. This notification advantageously contains the IDAi identifiers associated with the sending Ai users. The download is then preferably ordered by the recipient user B, rather than carried out automatically on command from the control unit 8. The knowledge of the IDAi profile of the sending Ai users by the recipient user B can constitute for the latter an index of

LAP B010 FR trust the source and / or the safety of the data shared by the sending Ai users.

Concretely, the encrypted container 6B is sent, on command of the control unit 8, to the recipient user B via the network 3. The decryption is carried out locally by the recipient user B, by means of his key BZ private locally stored. The recipient user B can then read (and if necessary write) the container 6, that is to say the data files 2 which it contains, as deposited on the initiative of the sending Ai users .

After decryption, the data files 2 can be stored locally by the recipient user B.

At the end of the decryption, the recipient user B can send (automatically or on external command) to system 1 a decryption notification. This notification is received by the communication server 4.

In this case, the destruction of the encrypted container 6B on the file server 5 is advantageously provided for after reception, by the system 1, of the decryption notification.

In this way, memory space is freed up within the file server 5, which facilitates the subsequent creation of new containers 6.

The method (and the system) which has just been presented offers a certain advantage in terms of safety compared to the known methods (respectively the systems). In fact, during the archiving phase, the data in files 2 cannot be read - nor a fortiori modified - by the sending users A or by the receiving user B. Any impersonation of any of them is ineffective since it is necessary to have the private key of user B to decrypt the container 6B.

It can even be seen that the control exercised by the sending users A over the container 6 (that is to say over the data files 2 to be shared) ceases at the end of the writing delay T1, even though its content is not yet accessible for the recipient user B. The delay (predetermined) with which the recipient user B accesses the data files 2 shared by the sending Ai users makes any dialogue between them impossible in real time, to the benefit of the parsimony with which the users

LAP B010 FR exchange data with each other. This in particular results in an optimization of the bandwidth necessary, in networks, for exchanges between users.

Claims (8)

1. Method for sharing files (2) of computer data between N sending users (Ai) (N an integer, N> 2; i an integer such as 1 <i <N), and a recipient user (B), via a computer system (1) equipped: A communication server (4), At least one file server (5), and From a database (7) of profiles containing in memory profiles (PAi, PB) associated respectively with the users (Ai, B), each profile (PAi, PB) comprising at least one identifier (IDAi, IDB) and at minus a public cryptographic key (ZAi, ZB) to which a private key (AiZ, BZ) corresponds; A control unit (8), connected to the communication server (4), to the file server (5) and to the database (7); This process being characterized in that it comprises, at the level of the system (1), three successive phases: A writing phase, which includes the operations of: o Receive from a user (A1) master sender a request containing an instruction to create a container (6) of data to share, an identifier (IDAi where i> 2) of each user (Ai where i> 2) sender and an identifier (IDB) of the recipient user (B); o Create the container (6) in a file server (5); o Associate the container (6) with the corresponding profile (IDB), in the database (7), with the recipient user (B); o Associate with the container (6) a predetermined writing delay (T1); o As long as the writing delay (T1) has not expired, allow each sending user (Ai) write access to the container (6); An archiving phase, which includes the operations of: o At the end of the writing delay (T1), prohibit the sending users (Ai) from access, at least in writing, to the container (6); LAP B010 FR o Encrypt the container (6) using the public key (ZB) of the recipient user (B) to form an encrypted container (6B); o Associate with the encrypted container (6B) a predetermined archiving time (T2); o Store the encrypted container (6B) in a file server (5) by preventing access to at least the recipient user (B); o Periodically repeat the following verification sequence: a) Select a block (10) in a computer register made up of a chain (9) of blocks each having time stamp data; b) Extract the timestamp data from the selected block (10); c) Determine, from this timestamp data, a current date; o As long as the archiving period (T2) is earlier than the current date, repeat the verification sequence while keeping the storage of the container (6Bk) encrypted; A sharing phase, which includes the operation consisting, as soon as the archiving period (T2) is equal to or later than the current date, to allow the recipient user B to download the encrypted container (6B) in view decrypt it using its private key (BZ). 2. Method according to claim 1, in which the writing delay (T1) is defined by the master transmitter user (A1). 3. Method according to claim 1, in which the writing delay (T1) is defined automatically. 4. Method according to one of claims 1 to 3, wherein the archiving time (T2) is defined by the user (A1) master transmitter. 5. Method according to one of claims 1 to 3, wherein the archiving time (T2) is automatically defined. 6. Method according to one of the preceding claims, wherein the container (6) is subdivided into several spaces (6.i) own memories, each allocated to a respective user (Ai) transmitter. LAP B010 FR 1. Method according to one of the preceding claims, which comprises the reception, by the communication server (4), of a decryption notification of the container (6) by the recipient user (B). 8. The method of claim 7, which comprises destroying the container (6B) encrypted on the file server (5) after receipt of the decryption notification by the user (B) recipient. 9. Computer system (1) which, for implementing the method according to one of the preceding claims, comprises: A communication server (4), At least one file server (5), and A database (7) of profiles containing in memory profiles (PAi, PB) associated respectively with the users (Ai, B), each profile (PAi, PB) comprising at least one identifier (IDAi, IDB) and at least one public cryptographic key (ZAi, ZB) to which a private key (AiZ, BZ) corresponds, This system (1) further comprising a control unit (8) comprising a programmable memory containing instructions for operating: A writing phase, which includes the operations of: o Receive from a user (A1) master sender a request containing an instruction to create a container (6) of data to share, an identifier (IDAi where i φ 1) of each user (Ai where i * 1) sender and an identifier (IDB) of the recipient user (B); o Create the container (6) in a file server (5); o Associate the container (6) with the corresponding profile (IDB), in the database (7), with the recipient user (B); o Associate with the container (6) a predetermined writing delay (T1); o As long as the writing delay (T1) has not expired, allow each sending user (Ai) write access to the container (6); An archiving phase, which includes the operations of: LAP B010 FR o At the end of the writing delay (T1), prohibit sending users (Ai) from accessing, at least in writing, the container (6); o Encrypt the data of the container (6) using the public key (ZB) of the recipient user (B) to form an encrypted container (6B); o Associate with the encrypted container file (6B) a predetermined archiving time (T2); o Store the encrypted container (6B) in a file server (5) by preventing access to at least the recipient user (B); o Periodically repeat the following verification sequence: a) Select a block (10) in a computer register made up of a chain (9) of blocks each having time stamp data; b) Extract the timestamp data from the selected block (10); c) Determine, from this timestamp data, a current date; o As long as the archiving period (T2) is earlier than the current date, repeat the verification sequence while keeping the storage of the container (6Bk) encrypted; A sharing phase, which includes the operation consisting, as soon as the archiving period (T2) is equal to or later than the current date, allowing the recipient user (B) to download the encrypted container (6B) in order to decrypt it using its private key (BZ).