FR3145627A1 - Process for managing data affected by conflicting retention and updating obligations - Google Patents

Abstract

The invention relates to a data management method (10) implemented by a computer system 1. Such a method 10 comprises a processing operation (100) for importing said data stored in one or more unit archives (FFi) to create data containers (Tw) and associative tables (CTw) as well as unit archives (FFw) for work. Said method (10) comprises a processing operation (200) for encrypting said unit archives for work (FFw) prior to any first update of the data. It further comprises a processing operation (300) for any instruction for updating said data arranged so as to manage data concerned by retention and update obligations. Such a data management method (10) may also comprise a processing operation (400) for exporting said managed data. Figure to be published with the abstract: Fig 1

Description

Process for managing data affected by conflicting retention and updating obligations

The invention relates to a method for managing, i.e. importing, updating or even exporting, data concerned by contradictory obligations, on the one hand, of conservation and, on the other hand, of updating or deletion. As a preferred example, such data may include personal data imported, created, modified or deleted, or even exported by data management software, also known by the English name of ERP for " Enterprise Resource Planning ".

Such data is used in particular in Businesses in the context of multiple IT applications, such as accounting, human resources management, sales, production, etc. These IT applications are subject to audit obligations by various bodies (states, international organizations, dedicated bodies) in application of tax codes, police regulations, etc. Such audits require the retention of data and documents for defined periods.

Thus, according to French law, accounting documents (or data) must be kept for a minimum of three years from the end of the accounting year concerned. Tax documents require a six-year retention period, or commercial contracts and other associated correspondence must be kept for five years from their respective conclusions. Similarly, the pay slips of any employee, including in their digital forms, must be kept for five years following their issuance. We can also mention that any document relating to an intellectual property title, such as a patent, must be kept for five years from the extinction of said title.

Alternatively, a tax archive is used to permanently store all information, data and computer processing. It can respond to requests that a tax administration may make within the framework of or outside of a tax audit. A tax archive is defined in this document as the result of a process that guarantees that the content of such an archive is identical to the initial information. The integrity of the archives produced over time must be guaranteed, i.e. from their creation to their possible deletion. A tax archive must also be usable, i.e. readable, including when the software application that produced it is no longer available. The use of a so-called "open" format is therefore generally recommended. A tax archive is therefore generally presented in the form of a text or flat file, or even in the form of an electronic document or an image.

Archives that are potentially subject to controls or audits carried out at the coercive initiative of third parties, such as the tax authorities or customs, are called “external archives”. Archives that are only useful for information purposes are called “internal archives”. By abuse of language, we will call such external archives tax archives. Internal archives must comply with personal data protection obligations.

At the same time, multiple laws and regulations require companies to destroy, anonymize or pseudo-anonymize personal data. This is the case, for example, of the General Data Protection Regulation, also known by the acronym GDPR (or GPDR for " General Data Protection Regulation " in Anglo-Saxon terminology), which requires each holder of such data to only keep it in the presence of explicit consent from the persons nationals of the European Union concerned by said data, for limited and determined periods or if and only if a purpose or objective requires it.

Companies are therefore subject to contradictory obligations (obligation to retain, obligation to delete) in their management applications and also in their archives.

Furthermore, computer applications are implemented by personal computers, or more broadly by any suitable electronic devices (smart mobile phones, touch tablets, etc.), by remote computer servers cooperating with local stations or personal computers via wired or wireless computer communication networks or by solutions based on so-called " serverless " computing, containers or other suitable technologies. From a technical point of view, such a computer system implementing a data management application is similar to a computer comprising a processing unit consisting of one or more microprocessors or microcontrollers implementing program instructions of an operating system of hardware resources (data or program memories, peripherals, etc.) and hosted software applications, such as an ERP. Said program instructions are loaded into one or more memories of said computer system in communication with said processing unit. "Memory or storage means" means any computer memory, whether volatile or not. A non-volatile memory is a computer memory whose technology allows its data to be retained in the absence of an electrical power supply. It can contain data resulting from inputs, calculations, measurements and/or program instructions. The main non-volatile memories currently available are electrically writable, such as EPROM (" Erasable Programmable Read-Only Memory ") or electrically writable and erasable, such as EEPROM (" Electrically-Erasable Programmable Read-Only Memory "), flash, SSD (" Solid-State Drive "), etc. Non-volatile memories are distinguished from so-called "volatile" memories, the data of which is lost in the absence of an electrical power supply. The main volatile memories currently available are RAM ( Random Access Memory ), DRAM (dynamic random access memory, requiring regular updating), SRAM (static random access memory requiring such updating during a power shortage), DPRAM, VRAM, etc.

A company's data retention obligation is also confronted with the obsolescence of ERP software. The question regularly arises for a company of having to stop obsolete versions of data management software in favor of a new version or a new system. However, such a process of decommissioning an obsolete application and implementing a migration of said data and other documents appears complex and costly. For this reason, so-called "legacy systems" are too often still used, even when more modern and efficient solutions are available, for fear of the risks and costs that such a migration of data to a new management system would generate.

There is currently no satisfactory solution to meet these often contradictory needs. Indeed, retention obligations take precedence in many countries to the detriment of constraints related to the protection of personal data. As a result, the players offering solutions to comply with the General Data Protection Regulation exclude the “retention” component. The reverse is also generally true. A “non-modifiable” storage solution guaranteeing the non-destruction of information for a predefined period contravenes the evolving obligations of data destruction.

Generally, retention obligations, such as tax obligations, take precedence over destruction obligations, for example by application of the GDPR. We could therefore consider that it is sufficient to keep tax archives for the legal duration, then delete them in order to comply with all the obligations. In practice, for software applications covering a multiple spectrum of control entities (for example multi-company and multi-country applications), multiplying tax archives becomes extremely complex and identifying retention rules almost impossible. There is a need to be able to create an archive that is both a tax archive and an internal archive.

The present invention therefore aims to propose a method for managing data concerned by contradictory obligations of conservation and updating (including deletion) to be preferably implemented within the framework of a software application called "LSA", an acronym for " Legacy System Application ", i.e. an application making it possible to manage the data of a "legacy system" also known by the Anglo-Saxon expression " legacy syst e m ".

The invention addresses the drawbacks raised by the state of the art by making it possible in particular to create an archive, for example a tax archive, to guarantee its status as a tax archive, while satisfying the rules of protection, or even destruction, of personal data.

• simplifier et permettre une migration (c’est-à-dire un processus de décommissionnement ou «decommissioning» selon une terminologie anglo-saxonne) des données et de documents depuis une application de gestion de données et/ou de documents obsolète vers une nouvelle application et ainsi répondre à la problématique des systèmes dit « systèmes hérités » qui demeurent trop souvent en ligne, alors même que des solutions plus modernes et efficaces sont disponibles ;
• répondre aux besoins contradictoires de conservation et de mise à jour de données personnelles ;
• prévenir toute duplication de données (par exemple en multipliant les archives fiscales par pays) selon leurs fonction et utilisation et ainsi réduire les coûts des infrastructures assurant une telle gestion de données, en termes d’interopérabilité, de volumes de stockage, d’émission de CO2, etc. ;
• constituer des archives permettant de répondre aux attentes d’un contrôle externe, comme émanant du fisc par exemple ;
• conserver des archives pour les informations possiblement pertinentes qui ne le sont pas suffisamment pour être intégrées au système cible.

Among the many advantages provided by the invention, we can mention more particularly that the invention makes it possible to:

• simplify and enable migration (i.e. a decommissioning process) of data and documents from an obsolete data and/or document management application to a new application and thus address the problem of so-called “legacy systems” which too often remain online, even though more modern and efficient solutions are available;
• meet the conflicting needs of retaining and updating personal data;
• prevent any duplication of data (for example by multiplying tax archives by country) according to their function and use and thus reduce the costs of the infrastructures ensuring such data management, in terms of interoperability, storage volumes, CO2 emissions, etc.;
• create archives to meet the expectations of an external audit, such as from the tax authorities for example;
• maintain archives for potentially relevant information that is not relevant enough to be integrated into the target system.

• lesdites données sont stockées en clair dans une première archive unitaire au sein de la première mémoire de données dudit système informatique, ladite première archive unitaire comportant une ou plusieurs archives élémentaires comprenant chacune un ou plusieurs champs ;
• ledit procédé comporte :
  • une étape de création, dans ladite première mémoire de données, d’un conteneur de données dont les enregistrements décrivent respectivement les archives élémentaires de ladite première archive unitaire et pour lesquels un attribut d’enregistrement correspond à un champ d’archive élémentaire, chaque enregistrement dudit conteneur de données comportant en outre un attribut supplémentaire dont la valeur consiste en une clé unique désignant l’information contenue dans un enregistrement dudit conteneur de données ;
  • une étape de création, dans ladite première mémoire de données, d’un conteneur associatif comportant un enregistrement associé à chaque enregistrement du conteneur de données, chaque enregistrement dudit conteneur associatif comportant un attribut pour contenir la clé unique désignant l’enregistrement du conteneur de données qui lui est ainsi associé, des attributs pour respectivement désigner la première archive unitaire et l’archive élémentaire de cette dernière à partir desquels l’enregistrement du conteneur de données a été initialisé ;
  • une étape :
    • de création, dans la première mémoire de données :
      • d’autant de clés de chiffrement/déchiffrement qu’il existe d’enregistrements dans le conteneur de données ;
      • d’une deuxième archive unitaire à partir de la première archive unitaire et desdites clés de chiffrement/déchiffrement de sorte que chaque champ d’une même archive élémentaire de ladite deuxième archive unitaire résulte d’une opération de chiffrement du champ correspondant de la même archive élémentaire de ladite première archive unitaire par l’une desdites clés de chiffrement/déchiffrement ;
    • de mise à jour d’un attribut dans l’enregistrement du conteneur associatif associé à l’enregistrement du conteneur de données de sorte que ledit attribut désigne la clé de chiffrement/déchiffrement utilisée pour chiffrer les champs de l’archive élémentaire de ladite première archive unitaire ;
  • une étape de suppression de la première archive unitaire dans la première mémoire de données.

To this end, the invention provides a data management method designed to be implemented by a processing unit of a computer system also comprising a first data memory accessible in reading and writing by said processing unit. To address the drawbacks raised by the state of the art, such a data management method is arranged so that:

• said data is stored in clear text in a first unitary archive within the first data memory of said computer system, said first unitary archive comprising one or more elementary archives each comprising one or more fields;
• said method comprises:
  • a step of creating, in said first data memory, a data container whose records respectively describe the elementary archives of said first unitary archive and for which a record attribute corresponds to an elementary archive field, each record of said data container further comprising an additional attribute whose value consists of a unique key designating the information contained in a record of said data container;
  • a step of creating, in said first data memory, an associative container comprising a record associated with each record of the data container, each record of said associative container comprising an attribute for containing the unique key designating the record of the data container which is thus associated with it, attributes for respectively designating the first unit archive and the elementary archive of the latter from which the record of the data container was initialized;
  • one step:
    • of creation, in the first data memory:
      • as many encryption/decryption keys as there are records in the data container;
      • of a second unitary archive from the first unitary archive and said encryption/decryption keys such that each field of the same elementary archive of said second unitary archive results from an encryption operation of the corresponding field of the same elementary archive of said first unitary archive by one of said encryption/decryption keys;
    • updating an attribute in the associative container record associated with the data container record such that said attribute designates the encryption/decryption key used to encrypt the fields of the elementary archive of said first unitary archive;
  • a step of deleting the first unit archive in the first data memory.

To initialize the implementation of such a method, for example following a decommissioning process of a third-party application, the managed data may be initially stored in clear text in a third-party unit archive, called an “input unit archive” within a second data memory of said computer system, said third-party unit archive comprising one or more elementary archives each comprising one or more attributes. In this case, a method according to the invention may comprise a first step of reading the input unit archive in the second data memory and creating in the first data memory the first unit archive from said input unit archive so that said first unit archive and the input unit archive are identical.

When a data management method according to the invention comprises an update processing consisting of a deletion of a record of the data container describing an elementary archive, said processing may comprise a step of erasing the attribute designating the encryption/decryption key in the record of the associative container corresponding to said record of the data container.

• une étape de mise à jour dudit attribut dans le conteneur de données ;
• une étape de création d’une clé de chiffrement/déchiffrement et d’une troisième archive unitaire dont une archive élémentaire correspond à l’enregistrement du conteneur de données dont l’attribut a été modifié et pour laquelle chaque champ d’archive élémentaire correspond à chaque attribut dudit enregistrement chiffré par la clé de chiffrement/déchiffrement préalablement créée ;
• une étape :
  • d’effacement de l’attribut désignant la clé de chiffrement/déchiffrement dans l’enregistrement du conteneur associatif correspondant à l’enregistrement mis à jour du conteneur de données ;
  • de création, dans ledit conteneur associatif, d’un nouvel enregistrement associé à l’enregistrement mis à jour dans le conteneur de données, le nouvel enregistrement dudit conteneur associatif comportant :
    • un attribut pour contenir la clé unique désignant ledit enregistrement du conteneur de données qui a été mis à jour ;
    • des attributs pour respectivement désigner la troisième archive unitaire et l’archive élémentaire de cette dernière qui vient d’être initialisée ;
    • un attribut désignant la clé de chiffrement/déchiffrement utilisée pour chiffrer les champs de l’archive élémentaire de ladite troisième archive.

Alternatively, when a data management method according to the invention comprises an update processing consisting of a modification of an attribute of a record of the data container describing an elementary archive, said processing may comprise:

• a step of updating said attribute in the data container;
• a step of creating an encryption/decryption key and a third unitary archive, an elementary archive of which corresponds to the record of the data container whose attribute has been modified and for which each elementary archive field corresponds to each attribute of said record encrypted by the encryption/decryption key previously created;
• one step:
  • deleting the attribute designating the encryption/decryption key in the associative container record corresponding to the updated data container record;
  • of creating, in said associative container, a new record associated with the updated record in the data container, the new record of said associative container comprising:
    • an attribute to contain the unique key designating said data container record that was updated;
    • attributes to respectively designate the third unit archive and the elementary archive of the latter which has just been initialized;
    • an attribute designating the encryption/decryption key used to encrypt the fields of the elementary archive of said third archive.

• une étape de lecture de tout enregistrement du conteneur associatif comportant un attribut désignant une clé de chiffrement/déchiffrement ;
• une étape de :
  • lecture de l’archive élémentaire de l’archive unitaire conjointement désignées par ledit enregistrement lu au sein du conteneur associatif ;
  • déchiffrement des champs de ladite archive élémentaire lue à partir de la clé de chiffrement/déchiffrement désignée également par l’enregistrement lu dans le conteneur associatif ;
  • création d’une archive élémentaire dans une quatrième archive unitaire, dite « archive unitaire de sortie » dont les champs correspondent respectivement auxdits champs déchiffrés de l’archive élémentaire lue.

To complete the implementation of such a data management method in accordance with the invention with a view to third-party exploitation of said data, this may include data export processing comprising:

• a step of reading any record of the associative container comprising an attribute designating an encryption/decryption key;
• a step of:
  • reading the elementary archive of the unitary archive jointly designated by said record read within the associative container;
  • decryption of the fields of said elementary archive read from the encryption/decryption key also designated by the record read in the associative container;
  • creation of an elementary archive in a fourth unitary archive, called “output unitary archive” whose fields correspond respectively to said decrypted fields of the elementary archive read.

Advantageously, a data management method according to the invention may include a step of recording said unitary output archive in a third data memory of the computer system.

According to an advantageous embodiment, such a data management method in accordance with the invention may include a step of verifying the relevance of said unitary output archive, the step of recording in a third data memory only being implemented if said verification step attests that said unitary output archive is relevant.

In the same way, the invention provides that such a method in accordance with the invention may include a step of verifying the relevance of the first unitary archive created, prior to the implementation of the step of creating the data container and/or the step of creating the associative container, at least one of these two creation steps being implemented only if said verification step attests that said first unitary archive is consistent with the input unitary archive, said first unitary archive being deleted from the first data memory and the step of creating in said first data memory a first unitary archive from the input unitary archive being implemented again in the opposite case.

According to this latter advantageous embodiment, said step of verifying the relevance of the first unitary archive may consist of the comparison of redundancy codes respectively and previously calculated from the input unitary archive and the first unitary archive.

• déchiffrer les champs de chaque archive élémentaire de la deuxième archive unitaire à l’aide de la clé de chiffrement/déchiffrement désignée dans l’enregistrement qui est associé à ladite archive élémentaire dans le conteneur associatif et créer une archive élémentaire de champs clairs dans une cinquième archive unitaire ;
• évaluer la conformité de ladite cinquième archive unitaire à ladite première archive unitaire ;

l’étape de suppression de la première archive unitaire dans la première mémoire de données, n’étant mise en œuvre que si ladite étape de vérification de la pertinence de ladite deuxième archive unitaire atteste que ladite cinquième archive unitaire est conforme à la première archive unitaire, ledit procédé comportant, dans le cas contraire, une étape de suppression dans la première mémoire de données, de ladite deuxième archive unitaire et de ladite cinquième archive unitaire provoquant une nouvelle mise en œuvre de l’étape de création d’une deuxième archive unitaire à partir de la première archive unitaire et de clés de chiffrement/déchiffrement.Like the previous step of verifying the relevance of the first unit archive, a data management method according to the invention may include a step of verifying the relevance of the second unit archive created with respect to the first unit archive prior to the implementation of the step of deleting the first unit archive in said first data memory, said verification step consisting of:

• decrypting the fields of each elementary archive of the second unitary archive using the encryption/decryption key designated in the record that is associated with said elementary archive in the associative container and creating an elementary archive of clear fields in a fifth unitary archive;
• assess the conformity of said fifth unitary archive to said first unitary archive;

the step of deleting the first unit archive in the first data memory, being implemented only if said step of verifying the relevance of said second unit archive attests that said fifth unit archive is consistent with the first unit archive, said method comprising, in the opposite case, a step of deleting in the first data memory, said second unit archive and said fifth unit archive causing a new implementation of the step of creating a second unit archive from the first unit archive and encryption/decryption keys.

Such a step of verifying the relevance of the second unitary archive created with regard to the first unitary archive may consist of comparing redundancy codes respectively and previously calculated from the first and fifth unitary archives.

In order not to unnecessarily burden the implementation of a data management method according to the invention and thus preserve the hardware resources of the processing unit implementing said method and the first data memory, the step of creating a second unitary archive may only be implemented if data contained in the first unitary archive is affected by conflicting conservation and updating obligations.

According to an advantageous embodiment, each unitary archive may consist of a flat file, each elementary archive of which may consist of a line of said flat file.

According to an advantageous embodiment, a data container may consist of a current table and an associative container may consist of an associative table.

According to a second subject, the invention relates to a computer program product comprising one or more program instructions executable by the processing unit of a computer system, said program instructions being loadable into a non-volatile memory of said computer system and the execution of which by said processing unit causes the implementation of a data management method in accordance with the invention.

According to a third object, the invention relates to a storage medium readable by a computer comprising the instructions of such a computer program product.

According to a fourth object, the invention relates to a computer system comprising a processing unit, a memory comprising the program instructions of a program product in accordance with the invention.

Other features and advantages will become more apparent upon reading the following description and examining the accompanying figures, including:

illustrates the simplified architecture of a computer system implementing a data management method in accordance with the invention for importing, updating and exporting such data concerned by retention and updating obligations;

illustrates a data import processing of such a data management method according to the invention;

illustrates an example of a current data table used by a data management method according to the invention, such a table comprising for each record a key attribute provided to uniquely identify a unitary information distributed in the other attributes of each record;

illustrates a particular example of such a current data table used by a data management method according to the invention, such a table comprising two records whose attributes respectively characterize customers of a supplier operating a data management application implementing a data management method according to the invention;

illustrates an example of an associative table used by a data management method according to the invention, such an associative table comprising for each record attributes associating unitary information translated into at least one current data table and a flat file translating said unitary information for conservation purposes;

illustrates a particular example of such an associative table in connection with the example of the current table illustrated by the ;

illustrates a processing prior to a first data update of a data management method according to the invention;

illustrates the particular example of the current data table and the associative table associated with it, tables respectively illustrated by FIGS. 3A and 4A, said associative table being modified, prior to any update of said current table, by the implementation of such processing prior to a first data update in accordance with the invention and illustrated by the ;

illustrates a data update processing of a data management method according to the invention;

illustrates the particular example of the current data table and the associative table associated with it, tables respectively illustrated by FIGS. 3A, 4A and 6, said associative table being modified jointly with the deletion of a record from said current table, by the implementation of such data update processing in accordance with the invention and illustrated by the ;

illustrates the particular example of the current data table and the associative table associated with it, tables respectively illustrated by FIGS. 3, 3A, 6 and 8, said associative table being modified jointly with the modification of an attribute of a record of said current table, by the implementation of such data update processing in accordance with the invention and illustrated by the ;

illustrates a data export processing of a data management method according to the invention;

illustrates an example of an exported file resulting from the implementation of a data export processing of a data management method according to the invention.

The data that we want to manage can take more or less complex forms. Simple forms translate, for example, user preferences to specify one or more languages in which certain information is returned via a human-machine output interface, the graphic charter to be used to present such information, etc. Other data are more complex and interrelated on the basis of which a data management software ensures functions of addition, modification, deletion or consultation. Finally, other data can identify or designate documents associated with them.

There are several formats for saving or storing such data that are generally included under the term "database". Among such formats, we can cite flat files (or "flat files" according to Anglo-Saxon terminology) and the tables of a relational database, structuring the data more than flat files. In both cases, the data is organized according to certain criteria in order to allow their exploitation by software or a management application.

• le fichier « TXT » qui est un fichier texte non formaté et exploitable par toute application logicielle ;
• le fichier « CSV » (abréviation anglo-saxonne de «C omma S eparated V alues» pour lequel chaque champ est dépourvu de formatage et est séparé du suivant par une virgule ;
• le fichier « XML » (abréviation anglo-saxonne de «Extensible Markup Language» pour lequel chaque champ est associé à des balises pour décrire et structurer les données ;
• le fichier « AIS » (abréviation anglo-saxonne de « Audit Information System » format d’audit SAP (marque déposée), ce fichier contenant des métadonnées.

A "flat file" is a text file, not compiled, in which data is stored. Each line of such a flat file contains one or more fields generally separated by a delimiter or by a hyphenation defined by a number of characters determined for each of said fields. For example, the comma, the semicolon or even the colon are often used as delimiters. Flat files are widely used in data backup or data import/export projects because of the ease with which they convey data between two computer servers for example. They are therefore generally used to create archives whose integrity and usability can be ensured. However, flat files do not contain any relationship or link between different lines or different fields within the same flat file or to other lines and/or fields of distinct flat files. A flat file is thus a simple data container according to which the fields of the same line constitute a set of independent data. A flat file can nevertheless contain metadata, for example defined in the first lines of the file. We can cite different flat file formats among the best known including:

• the “TXT” file which is an unformatted text file that can be used by any software application;
• the “CSV” file (English abbreviation for “ Comma Separated Values ” for which each field is unformatted and is separated from the next by a comma;
• the “XML” file (Anglo-Saxon abbreviation for “ Extensible Markup Language ” for which each field is associated with tags to describe and structure the data;
• the “AIS” file (English abbreviation for “Audit Information System” SAP audit format (registered trademark), this file containing metadata.

• « conteneurs de données » pour décrire tous conteneurs (tables courantes, fichiers plats ou équivalent) qui caractérisent, par exemple, des produits, services, sujets, etc. ;
• « conteneur de données associatif », ou de « conteneur associatif » par souci de concision, pour décrire tout conteneur (table associative, fichier plat ou équivalent) qui assure des liaisons entre conteneurs de données (tables courantes ou fichiers plats par exemple).

When a database requires the exploitation of more structured and interrelated data, it contains tables instead of simple flat files. In this document, a "table" is understood to be a data container containing information on the relationships between different data, such as a type of product or the characteristics of a person. Each set of information associated with a specific product or person, for example, constitutes a record in the table and the columns list attributes that relate to this product or person. Relational databases are composed of a set of tables that can be accessed and reconstructed in different ways. To access the information, it is required to use queries to interactively query the data contained in the relational database and to collect the data in the context of reports. A key is a group of attributes that uniquely identify a row in a relation, such as the "first name" and "last name" attributes of a person. There are generally two types of tables. The first concerns the so-called "current tables" of data which contain records whose attributes jointly characterize a product or a person to take the previous example. The second type concerns tables called "associative tables" which provide links between two current tables for example. By extension, in this document, we will speak of:

• “data containers” to describe any containers (common tables, flat files or equivalent) that characterize, for example, products, services, subjects, etc.;
• "associative data container", or "associative container" for brevity, to describe any container (associative table, flat file or equivalent) that provides links between data containers (common tables or flat files for example).

There illustrates an example of a computer system 1 for data management. Such a computer system may consist of a computer, a computer server or any other electronic device or set of electronic devices. In simplified terms, the illustrates a computer system comprising a processing unit PU, in the form of one or more microprocessors or microcontrollers cooperating with one or more data memories DMi, DMw, DMo. Thus, for example, DMi characterizes a " legacy " application, DMw characterizes the current application, and DMo characterizes an application that will take over from the current application. Said data memories DMi, DMw, DMo may be entities or sets of entities physically dissociated from each other or may be merged for some within the same physical entity. Furthermore, these same data memories DMi, DMw, DMo may cooperate directly, by wire, i.e. via a communication bus, with said processing unit PU or may be remote from said processing unit and hosted by third-party computer systems. The processing unit PU then cooperates with one or more data memories via a wired or wireless communication network, such as the Internet. As an illustrative example, let us consider in connection with the , that the computer system 1 comprises a computer server whose processing unit PU is arranged to implement a data management method 10 using a local data memory DMw and which cooperates, in SaaS mode (an acronym for " Software - as - a - Service ") or equivalent, with remote computers respectively comprising the data memories DMi and DMo. SaaS is a commercial software operating model according to which said software is installed, maintained and operated on remote servers at a third party rather than on the end user's computer system. The latter operates an online service generally by paying a subscription to the third party.

To adapt the operation of a computer system 1, one or more computer programs comprising instructions executable by the processing unit PU of said computer system 1 are loaded into a program memory PM, said program instructions causing the implementation of suitable methods by said processing unit PU.

There illustrates an example of a very simplified functional description of a data management method 10 according to the invention and implemented by a computer system 1. Mainly, such a method 10 consists of a first processing 100 aimed at importing archive data from a data memory DMi. The processing 100 can be a copy of an already created tax archive, or more completely the extraction of a tax archive. These data, some of which may be concerned by a double obligation of conservation and updating, constitute elementary archives, possibly grouped in the form of unit archives. As a preferred but non-limiting example, such unit archives consist of one or more flat files FFi whose lines, or even fields of such lines, respectively form elementary archives. Other unit archive formats could be retained, such as data tables, in place of flat files. It is sufficient that these formats respect the criteria of traceability and exploitability mentioned previously in connection with the notion of internal and external archives, for example.

Data could also be used to constitute or identify a set of documents Di, for example, contracts, pay slips, invoices. To constitute such a form of storage in the form of one or more flat files FFi, this data could have been the subject of a data extraction process from a relational database that had become obsolete. The archives in the form of flat files FFi can be respectively associated with a set of redundancy codes or Hi fingerprints intended to prove their integrity. Such a redundancy code can for example result from an implementation of a cryptographic hash function (also known by the English terminology " Secure Hash Function " or by the acronym SHA). There are many algorithms, among which we can cite SHA-1, SHA-256, SHA-512, MD5, to carry out such a hash function. The cryptographic hash function is mainly arranged so that an alteration of the file, however minor, causes a clear modification of said redundancy code if the latter is recalculated following said alteration. The invention cannot be limited by these examples of production of redundancy codes alone, nor even by their use or existence. The import processing 100 mainly consists in translating the archive data contained in the flat file(s) FFi, so that the information contained is found in the form of flat files or unitary working archives FFw, one or more current data tables Tw, or more generally all data containers, and one or more associative tables CTw of a database to facilitate their management. These new data structures, containers and unitary archives are recorded in the local data memory DMw. Such import processing 100 will be described in more detail in connection with FIGS. 2, 3 and 4 in a general form and in connection with FIGS. 2, 3A and 4A through a concrete and simplified application example.

As shown in FIG. 1, a data management method 10 according to the invention comprises a process 300 for updating said data to update certain information, i.e. modify and/or delete the latter. Prior to the implementation of such an update processing 300, a method 10 comprises a pre-processing 200 aimed at encrypting the working files FFw from encryption/decryption keys . Finally, to terminate the data management for a subsequent migration, such a method 10 may include a decommissioning processing 400 , according to English terminology, aimed at exporting the data in the form of flat files FFo to an output data memory DMo. The management of the input documents Di, copied in the form of working documents Dw, some of which may be copied to become output documents Do, is not directly part of the invention. On the other hand, the invention provides that designation data, for example indexes, designating such documents Di, Dw, Do may be associated with the latter. This designation data may be treated as elementary or unitary archives. Thus, the management of such documents Di, Dw, Do may be considered as addressed, indirectly, by a method 10 in accordance with the invention.

Let us examine in more detail, in connection with figures 2, 3 and 4, a data import processing 100 of a data management method 10 according to the invention.

Let us consider that the archive data is initially stored in clear text in a flat file FFi within an input data memory DMi of the computer system 1. Such a flat file FFi comprises one or more lines, respectively describing elementary archives, each comprising one or more fields for respectively storing distinct information as indicated by the .

An import processing 100 may consist first of all in a step 101 of reading the unit archive, for example, in the form of the flat file FFi and of creating 102 in the working data memory DMw a second unit archive, for example, in the form of a second flat file FFw-1 from said first flat file FFi so that said first and second flat files FFi and FFw-1 are identical. As indicated in the , a flat file FFw-1 thus consists of a plurality of m lines FFw-1R1 to FFw-1Rm, each comprising n fields TFd1, TFd2 to TFdn. According to the example illustrated by the , the latter are separated by a delimiter d, in this case the semicolon. The invention cannot be limited by this choice of delimiter alone and could use ':' or '/' instead of said semicolon.

In order to ensure that the file FFw-1 is indeed compliant with the flat file FFi and/or that the latter has not been altered beforehand or during step 101, a processing 100 may advantageously include a step 103 of verifying the relevance of the flat file FFw-1. Such a step may consist of comparing redundancy codes Hi and H1 respectively and previously calculated from the flat files FFi and FFw-1. If step 103 attests that said redundancy codes Hi and H1 are different, the flat file FFw-1 is deemed non-compliant, in this case not identical, to the input flat file FFi. In this case, the situation is illustrated by the link 103-n on the , said flat file FFw-1 is deleted, in a step 104, from the data memory DMw and the step 102 of creating a new flat file FFw-1 from said input flat file FFi is implemented again. Otherwise, situation illustrated by the link 103-y in , treatment 100 can continue.

Whatever the methods of constituting the unitary archive FFw-1, a processing 100 comprises a step 105 of creating, in the first data memory DMw, a data container Tw, in the advantageous form of a current table, the records TwR1, TwR2, TwR3, …, TwRm of which each designate an elementary archive and correspond respectively to the lines FFw-1R1, FFw-1R2, FFw-1R3, …, FFw-1Rm of the flat file FFw-1 constituting a unitary archive. Such a current table Tw is such that a record attribute TwRxAn corresponds to a line field FFw-1RxCn.

The current table Tw is created in step 105 such that each record also includes an additional attribute TwRxAUK whose value UK1, UK2, UK3, UKm consists of a unique key designating in a unique manner the information contained in a given record of said current table Tw and consequently the information (elementary archive) contained in a corresponding line of the flat file FFw-1 (unitary archive). Such a unique key UK1, UK2, UK3, UKm can be developed using different techniques, among which we can cite the implementation of a cryptographic function for hashing all or part of the values of the attributes of a record of the table Tw with the exception of the attribute TwRxAUK, the drawing (without duplicates) of a random number, the incrementation of a number, etc.

In connection with figures 2 and 4, step 105 further consists in creating, in the data memory DMw, an associative container CTw, in the advantageous form of an associative table, comprising a record CTwR1, CTwR2, CTwR3, …, CTwRk associated with each record TwR1, TwR2, TwR3, …, TwRm of the current table Tw. Each record of said associative table CTw comprises a UK attribute to contain the unique key designating the record of the current table thus associated with it. Each record of said associative table CTw further comprises attributes FN, RN to respectively designate the flat file FFw-1 as well as the line of the latter from which the record of the current table Tw associated with it was initialized. The unique key UK1, UK2, UK3, UKm thus makes it possible to associate, via the associative table CTw, a line FFw-1R1, FFw-1R2, FFw-1R3, …, FFw-1Rm of the file FFw-1 with a record TwR1, TwR2, TwR3, …, TwRm of the table Tw. Optionally and advantageously, each record CTwR1, CTwR2, CTwR3, …, CTwRk of the associative table CTw can include accessory attributes CD, CID to designate respectively the timestamp CD and the identifier CID of the person who triggered the import processing 100. It is thus possible to know, for example for audit purposes, the time of import of the data and the person who was responsible for it. A record CTwR1, CTwR2, CTwR3, …, CTwRk may also include other attributes, such as the referenced attributes CK, ED and EID used by the processing 200. These will be described later in connection with the . Attributes that can be described as a "designation" such as UK, FN, RN, to name a few, can be understood as a value, an index to a table or an indirection data container, a pointer, an unambiguous address or any other means of designating content, in this case a unit archive, an elementary archive or any data structure describing such archives or content.

• la ligne FFw1-1R1 qui correspond à un premier fournisseur français et comprend les champs « 00001 », « FR », « Dupond » et « 14 rue de l’océan » séparés deux à deux par le délimiteur « ; » ;
• la ligne FFw1-1R2 qui comprend les champs « 00002 », « DE », « Meyer » et « Zentrale Straße » également séparés deux à deux par le délimiteur « ; ».

Figures 3A and 4A illustrate, through a concrete and simplified application example, the implementation of an import processing 100 as described above. The input data are stored in a single unit archive in the advantageous form of a single flat file FFi1 comprising two pieces of information describing suppliers and corresponding to two lines (or more generally two elementary archives) within said file FFi1 (or unit archive). The latter each comprise four fields to respectively designate a supplier code, the country of said supplier, the name of the reference person and a postal address. At the end of the implementation of step 101, a working flat file FFw1-1 is created identical to the flat file FFi1. As indicated in , the flat file FFw1-1 contains:

• line FFw1-1R1 which corresponds to a first French supplier and includes the fields “00001”, “FR”, “Dupond” and “14 rue de l’océan” separated two by two by the delimiter “;”;
• line FFw1-1R2 which includes the fields “00002”, “DE”, “Meyer” and “Zentrale Straße” also separated two by two by the delimiter “;”.

• l'enregistrement Tw1R1 correspondant à la première ligne FFw1-1R1 du fichier plat FFw1-1 dont l’attribut PID comporte la valeur « 00001 », l’attribut PC comporte la valeur « FR », l’attribut PN comporte la valeur « Dupond » et l’attribut PA comporte la valeur « 14 rue de l’océan » ; ledit enregistrement comprend en outre l’attribut UK qui comporte la valeur unique « 12345678 » désignant de manière univoque l’information contenue dans ledit enregistrement Tw1R1 ;
• l'enregistrement Tw1R2 correspondant à la deuxième ligne FFw1-1R2 du fichier plat FFw1-1 dont l’attribut PID comporte la valeur « 00002 », l’attribut PC comporte la valeur « DE », l’attribut PN comporte la valeur « Meyer » et l’attribut PA comporte la valeur « Zentrale Straße » ; ledit enregistrement comprend en outre l’attribut UK qui comporte la valeur unique « 98765432 » désignant de manière univoque l’information contenue dans ledit enregistrement Tw1R2.

At the end of the implementation of step 105, a data container in the form of a current table Tw1 is created as well as an associative container CTw1 in the advantageous form of an associative table. We can see that said current table Tw1 comprises two records Tw1R1 and Tw1R2 each comprising five attributes. The first four attributes PID, PC, PN and PA correspond respectively to the fields of a line (elementary archive) of the flat file FFw1-1. The fifth attribute UK is arranged to comprise a unique key which unambiguously designates the information of a supplier contained in the record. Thus, the describes a current table Tw1 comprising:

• the Tw1R1 record corresponding to the first line FFw1-1R1 of the flat file FFw1-1 whose PID attribute contains the value “00001”, the PC attribute contains the value “FR”, the PN attribute contains the value “Dupond” and the PA attribute contains the value “14 rue de l'océan”; said record further comprises the UK attribute which contains the unique value “12345678” uniquely designating the information contained in said Tw1R1 record;
• the Tw1R2 record corresponding to the second line FFw1-1R2 of the flat file FFw1-1 whose PID attribute has the value “00002”, the PC attribute has the value “DE”, the PN attribute has the value “Meyer” and the PA attribute has the value “Zentrale Straße”; said record further comprises the UK attribute which has the unique value “98765432” uniquely designating the information contained in said Tw1R2 record.

Note that if the FFi1 and/or FFw1 archives are constructed in such a way that the PID fields are naturally unique, then the UK and PID fields could be confused in the TW1 table.

Step 105 also generated the creation of the associative table CTw1. This includes two records CTw1R1 and CTw1R2 respectively associated with the records Tw1R1 and Tw1R2 of the current table Tw1. Indeed, the record CTw1R1 includes a first attribute UK which includes the unique value “12345678” uniquely designating the elementary archive describing the supplier information contained in the record Tw1R1. Said record CTw1R1 further includes an attribute FN designating the flat file FFw1-1 and an attribute RN designating line 1, i.e. line FFw1-1R1 of said file. Optionally, said CTw1R1 record includes a CD attribute to store the timestamp (day and/or time) ts1 of the creation of said record, therefore of the import of the data, and a CID attribute to designate an identifier U012 of a user responsible for carrying out said import.

The CTw1R2 record includes a first UK attribute which includes the unique value “98765432” uniquely designating the elementary archive describing the supplier information contained in the Tw1R2 record of the current table Tw1. Said CTw1R2 record also includes an FN attribute designating the flat file FFw1-1 and an RN attribute designating line 2, i.e. line FFw1-1R2 of said file. Optionally, said CTw1R2 record includes a CD attribute to store the ts2 timestamp of the creation of said record, therefore of the import of the data, and a CID attribute to designate an identifier U012 of a user responsible for carrying out said import.

We can see that the attributes CK, ED and EID illustrated by the are not initialized at this stage of the implementation of method 10. On the other hand, the associative table CTw1 clearly ensures a link between the records of the current table Tw1 and the lines (elementary archives) of the flat file FFw1-1 from which said records of the table Tw1 were initialized. Thus, a form of “triptych” has been constituted between information contained in a unitary archive (flat file FFw1-1), the same information contained in a data container (current table Tw1) and a link between said information by means of the associative container (associative table CTw1). The flat file FFw1-1 is non-modifiable, the table Tw1 is modifiable and the associative table CTW1 ensures the link between the two.

There illustrates an example of a functional description of a processing 200 prior to any subsequent implementation of one of the records of a current table Tw or Tw1 created by an import processing 100 such as that described in connection with the and the or 3A.

Such processing 200 is essential to comply with the constraints of the GDPR or any other obligation aimed at protecting personal data, for example. It mainly consists of encrypting any unitary archive with an encryption/decryption key dedicated to each elementary archive of said unitary archive. Proof of conservation of the unitary and elementary archives can thus be guaranteed because any elementary archive subsequently modified will no longer be decryptable using said original encryption/decryption key. The implementation of such processing 200 can be automatically triggered at the end of the implementation of an import processing 100 or, as a variant, triggered following an instruction from a user of the system implementing a method according to the invention. According to an alternative embodiment, said successive processing operations 100 and 200 could constitute only one and the same processing operation triggered upon import of the data. According to another alternative embodiment, the processing 200 can be launched automatically, manually, over a complete or partial perimeter, once or several times.

Such processing 200 firstly consists of a step 201 for reading, in the working data memory DMw, a flat file FFw-1 possibly associated with a redundancy code H1 characterizing the latter, if such a code H1 has been jointly recorded in said working memory DMw, for example at the end of the implementation of an import processing 100. Said processing 200 comprises a step 203 for creating, in the data memory DMw, as many encryption/decryption keys that there are lines in the flat file FFw-1 that was created jointly with a current table Tw at the end of the implementation of the import processing 100. Such encryption/decryption keys can be created using any known technique. They can for example be derived from a common mother key or allocated by unit archive. Such a derivation can be carried out from said mother key and a random or pseudo-random seed. The length, for example equal to 128 or 256 bits, of said encryption/decryption keys is determined according to the chosen encryption/decryption algorithm. Such an encryption/decryption algorithm can be chosen from a multitude of known symmetric encryption algorithms such as, but not limited to, DES, Triple DES, AES, Twofish, Rrindjael, Blowfish, Serpent, RC6 or Mars. However, the invention would not be limited by these choices of algorithms.

The encryption/decryption keys used for unit archives also have some additional advantages. The security of information systems is ensured in part by encryption. Encryption is generally done at the level of a unit archive (file). However, the data models of the most widely used management applications are known. For example, a table in SAP software begins with a three-digit field, almost always identical, followed by a purchasing organization number, followed by an order number whose format almost systematically begins with 450000. Such similarities in elementary archives and the large quantity of elementary archives in a unit archive greatly promote the possibility of decryption by an unauthorized third party. The encryption of each elementary archive (which can be done in addition to classic encryption) makes the encryption more secure in the sense that it concerns less data. The type of encryption therefore does not necessarily have to be very strong, since there will be millions of different keys. Low encryption is also simpler to implement in terms of processing time.

The invention is described through a preferred exploitation of symmetric encryption algorithms. Thus, the same key can be used to encrypt and decrypt content. Alternatively, the invention could exploit an asymmetric encryption/decryption system, especially if the storage of the encrypted archives and the keys must be held by different companies.

Encryption/decryption keys are used by said step 203 to create a new flat file FFw-2 from said flat file FFw-1. According to the invention, each field of the same line of said new flat file FFw-2 results from an encryption operation of the corresponding field of the same line of said flat file FFw-1 by one of said encryption/decryption keys . Thus, the new flat file FFw-2 is in some way an encrypted copy, line by line - that is to say elementary archive by elementary archive - of the unitary archive in the form of the flat file FFw-1, the attributes of each line having all been encrypted by one of the said encryption/decryption keys. The invention provides that said elementary lines or archives are respectively encrypted by keys different.

The invention provides for many alternatives: encrypting an entire elementary archive using a key , or encrypt the fields of such an elementary archive respectively by different or derived keys, or any other combination. It is also possible to reuse the encryption/decryption keys identical for different unit archives. Let us recall that the logic of the invention is to create a new encrypted unit archive chained to an initial unit archive and which will replace the latter. This new encrypted unit archive may, without ever being modified, lose the information concerning an elementary archive, without modification, by the loss of knowledge of the encryption/decryption key associated with the decryption of the elementary archive.

For each line thus encrypted, said step 203 further consists in updating an attribute CK, in the record CTwR1, … CTwRk of the associative table CTw which designates the line which has been encrypted of the file FFw-1, so that said attribute CK designates the encryption/decryption key used to encrypt the fields of said line of said flat file FFw-1 to create the encrypted line of the new flat file FFw-2. Such a CK attribute may include the encryption/decryption key as such or any value, possibly plural, necessary for the designation or generation of said encryption/decryption key . The invention provides, at this stage, different variants for linking the record corresponding to the line of the flat file FFw-1 to the encrypted line of the new flat file FFw-2 thus created. According to a first variant, the flat files FFw-1 and FFw-2 share a common naming radical, only an extension making it possible to distinguish the clear version from the encrypted version. Alternatively, the record of the associative table CTw may include an additional attribute to designate the new flat file FFw-2 thus newly created. In this case, the two files may not follow an imposed naming rule.

• une clé de chiffrement/déchiffrement choisie parmi l’ensemble qui a été utilisée pour chiffrer une archive élémentaire de l’archive unitaire claire FFw-1 (en l’espèce une ligne d’un fichier plat selon l’exemple illustré par les figures 3 et 4),
• ladite archive élémentaire de ladite archive unitaire FFw-1,
• l’archive élémentaire au sein de la version chiffrée FFw-2 de ladite archive unitaire FFw-1 et,
• l’enregistrement du conteneur de données Tw (en l’espèce un enregistrement d’une table courante) selon l’exemple illustré par les figures 3 et 4) initialisé à partir de ladite archive élémentaire de l’archive unitaire claire FFw-1 lors du traitement d’importation 100.

Whatever the technique chosen, at the end of the implementation of step 203, said associative table CTw links, directly or indirectly:

• an encryption/decryption key chosen from the set which was used to encrypt an elementary archive of the clear unit archive FFw-1 (in this case a line of a flat file according to the example illustrated by figures 3 and 4),
• said elementary archive of said unitary archive FFw-1,
• the elementary archive within the encrypted version FFw-2 of said unitary archive FFw-1 and,
• the recording of the data container Tw (in this case a recording of a current table) according to the example illustrated by figures 3 and 4) initialized from said elementary archive of the clear unitary archive FFw-1 during the import processing 100.

As shown in Figure 4, the associative table record thus updated to designate the encryption/decryption key exploited may further include an additional ED attribute for recording a timestamp of said encryption and an additional EID attribute for storing an identifier of the person responsible for triggering said process of creating the FFw-2 unitary archive in the form of a flat file.

A processing 200 further comprises a step 206 of deleting the clear unit archive FFw-1 in the first data memory DMw. Only the encrypted version FFw-2 thereof prospers at the end of the implementation of said processing 200. The encrypted version FFw-2 only makes sense if the deletion of the clear unit archive is carried out.

An implementation of such processing 200 is illustrated by the through the simplified example of the data whose import 100 was previously described in connection with figures 3A and 4A.

The said thus presents a Tw1 table identical to that described in connection with the . Indeed, processing 200 does not modify said current table Tw1. On the other hand, said illustrates, at the end of the implementation of the processing 200, the deletion of the file FFw1-1 in the data memory DMw. This deletion is symbolized by the slash crossing the graphic representation of said flat file FFw1-1. Said also describes the creation of the flat file FFw1-2 which corresponds to the encrypted copy of said flat file FFw1-1. We thus find in lines FFw1-2R1 and FFw1-2R2 of said file FFw1-2, the four encrypted fields describing suppliers. We can also see that the encryption/decryption key CK1 was used to encrypt line FFw1-2R1 and that key CK2 was used to encrypt line FFw1-2R2.

This exploitation of said keys CK1 and CK2 results in the updating of the associative table CTw1. Thus, the CTw1R1 record associated with the first line of the FFw-1 and FFw-2 files is modified so that the CK attribute designates the encryption/decryption key exploited, in this case the CK1 key. Optionally, said CTw1R1 record is also updated to timestamp the encryption of the flat file FFw1-1 and store the identifier of the operator who triggered said encryption. Thus, the ED attribute includes the ts3 timestamp and the EID attribute includes the U020 identifier.

The CTw1R2 record, associated with the second line of the FFw1-1 and FFw1-2 files, is modified so that the CK attribute designates the encryption/decryption key used, in this case the CK2 key. Optionally, said CTw1R2 record is also updated to timestamp the encryption of the second line of the FFw1-1 flat file and to store the identifier of the operator who triggered said encryption. Thus, the ED attribute includes the ts4 timestamp and the EID attribute includes the U020 identifier.

There further illustrates an example of processing 200 prior to any modification or deletion of an elementary archive within a data container Tw (for example a current table), comprising an optional step of verifying the relevance of the encrypted unitary archive FFw-2 with respect to the clear unitary archive FFw-1, the latter being able to be presented in an advantageous form of flat files. Indeed, since the clear unitary archive FFw-1 is intended to be deleted at the end of the implementation of step 206, it may be advantageous to ensure that the encryption process 203 has been carried out correctly.

As an example of a preferred embodiment, such verification may consist of a first iterative step of decrypting 204 the fields of each line of the encrypted flat file FFw-2 (created in step 203) using the encryption/decryption key designated in the record that is associated with said line in the associative table CTw and of creating a line of clear fields in a new flat file FFw-2'. At the end of the creation of a decrypted version FFw-2' of said encrypted flat file FFw-2, a step 205 of evaluating the conformity of said new decrypted flat file FFw-2' with respect to the initial clear flat file FFw-1 is implemented. The invention then provides that advantageously, step 206 is only implemented if the conformity test 205 is positive (situation symbolized by the link 205-y on the ). Step 206 may include the creation of a "trace" to prove that test 205 was successfully performed. This trace may result in the retention of a redundancy code or a hash of the decrypted file FFw-2' in a table of the application implementing a data management method 10 according to the invention. On the other hand, if said test 205 fails (situation symbolized by link 205-n on the ), the clear flat file FFw-2' and the encrypted flat file FFw-2 are deleted from the data memory DMw. The step 203 of creating an encrypted unit archive FFw-2, in the advantageous form of a flat file, is then implemented again and submitted to the approval of a new conformity check 204-205. We can note that the clear unit archive FFw-2' is deleted in the data memory DMw, whatever the "verdict" 205-y or 205-n of the conformity test 205 previously mentioned.

As an advantageous example of an embodiment, step 205 of evaluating the conformity of a new decrypted flat file FFw-2’ with respect to an initial clear flat file FFw-1 may consist of comparing redundancy codes H1, H2’ respectively and previously calculated from said flat files FFw-1 and FFw-2’. Such redundancy codes may for example result from an implementation of a cryptographic hash function. A hash is the result of a calculation applied to the unit archive, of a size much smaller than that of said unit archive, and the calculation of which has the particularity that a minor change in the unit archive (for example the modification of a character), results in a significant change in the value of said hash. Consequently, only two identical hashes testify that their respective calculations were carried out on two identical files.

There further presents an advantageous example for which the creation 203 of an encrypted unitary archive FFw-2 and the deletion 206 of the initial unitary archive FFw-1 are only implemented if (situation illustrated by the link 202-y in the ) the data contained in said unitary archives include data concerned by conflicting obligations of conservation and updating, as may be the case for personal data with regard to the GDPR for example. According to this advantageous example, a processing 200 may advantageously include a test 202 aimed at conditioning the implementations of said steps 203 to 206 (situations illustrated in the respectively by link 202-y, in the affirmative, and by link 202-n, in the negative). Such a test 202 may consist of reading meta-information contained in the unitary archive FFw-1 (possibly inherited from the input unitary archive FFi or created by implementing a suitable import processing 100) and which characterizes such obligations. Such a test 202 could also implement any other analysis relating to the type of data contained in such a unitary archive FFw-1. Alternatively or additionally, it is the entire process 200 which could be implemented prior to a processing 300 on the sole scope concerned by the processing 200 considered. In both cases, the processing 200 may apply to all the data of a data container (one or more unitary archives) or to only part of these unitary archives.

Step 202 may also constitute a process of reprocessing the unit archives into two categories of unit archives: on the one hand, unit archives for which no record is subject to destruction/modification constraints, and on the other hand, unit archives for which each record is subject to such constraints.

The invention has been described according to a preferred exemplary embodiment, according to which an associative container CTw, in the advantageous form of an associative table, is created in the first data memory DMw, with a data container Tw, in the advantageous form of a current table, in the same step 105 of an import processing 100. As a variant, the invention provides that the creation of such an associative container CTw can be created separately from the creation of a data container Tw. It suffices that such a step of creating an associative container CTw be implemented prior to the implementation of the step 203 described above. In this case, such a step of creating an associative container CTw can be part of a processing 200 prior to any subsequent implementation of one of the records of a current table Tw.

As indicated by the , a data management method 10 according to the invention may further comprise a processing 300 for updating the managed data. The illustrates such treatment 300 in response to an instruction (referenced USP in ) of modification of the content of a data container Tw emanating from a user instruction or a management rule, applied via an interface or an algorithm. The USP instruction, received or detected in a step 310, applies to the elementary archive and its equivalent in the data container Tw but it cannot, let us recall, apply to the unitary archive as such. Depending on whether said USP instruction concerns a deletion of an elementary archive or an update, the processing 300 is subdivided into two main sub-processes referenced 300-D and 300-U on the .

When said update processing 300 consists of the translation 310 of a deletion instruction (situation illustrated by the link 310-D in FIG. 7) of a record of a data container Tw (for example, in the advantageous form of a current table) describing an elementary archive, said processing 300 consists of the subprocessing 300-D. This comprises a step 321 of deleting said record subject to said deletion instruction USP in said data container Tw, and of erasing the attribute CK designating the encryption/decryption key in the record of the associative container CTw (for example, in the advantageous form of an associative table) corresponding to the deleted record in the data container Tw. Thus, deleting elementary archives from the same unitary archive while losing knowledge of the encryption/decryption keys respectively associated with said elementary archives, makes it possible not to modify the unitary archive and thus meets the contradictory needs of conservation and updating of such archives. When the data concerned by such a USP request for deletion relate to designation data of a working document Dw, said step 321 can further destroy or erase in the working memory said document Dw designated by said designation data.

An implementation of such 300-D subprocessing is illustrated by the through the simplified example of data whose import 100 was previously described in connection with figures 3A and 4A and whose prior processing 200 was described in connection with the .

The said presents a data container Tw1 identical to the table Tw1 illustrated by the , except for the Tw1R1 record which has been subject to a USP deletion order. The PID, PC, PN, PA and UK attributes of this record appear blank on the . We can see that the flat file (unitary archive) FFw1-2 remains unchanged at the end of processing 300, 300-D. It therefore retains the status of a tax archive and can serve as a basis for presenting data to coercive control bodies. The said further presents an associative container CTw1 similar to the associative table CTw1 already described in connection with the . However, following the implementation of subprocessing 300-D, the CTw1R1 record of said associative container CTw1 (i.e. the record that is associated with the deleted Tw1R1 record since both CTw1R1 and Tw1R1 records - before the deletion of the Tw1R1 record - have identical CK attributes with values of "12345678") has been modified. This modification concerns the CTw1R1A2 attribute (which appears surrounded by a broken line on the ) which until then designated the encryption/decryption key CK1 (cf. ). The said CTw1R1A2 attribute is now deleted. Thus, although the FFw1-2 file is kept as is, it is no longer possible to access – via the CTw1 associative table – the clear information relating to the FFw1-2R1 line of the latter since the CTw1R1 record no longer designates the encryption/decryption key necessary for decrypting the said FFw1-2R1 line.

There further describes a subprocess 300-U (of the processing 300) triggered following the receipt of a USP instruction to modify all or part of a record of a data container Tw translating an elementary archive. Such a USP instruction may consist, for example, of modifying the value contained by an attribute or of deleting such an attribute.

Such subprocessing 300-U includes a step 331 of updating the record in the data container Tw (for example in the advantageous form of a current table) which is the subject of said modification instruction USP, to modify or delete the value contained in one or more attributes thereof.

Said subprocessing 300-U then includes a step 332 of creating a new encryption/decryption key, thus completing the whole previously constituted in particular at the end of processing 200. Said step 332 further consists of creating a new unit archive, in this case a new flat file, FFw-3, one line of which (elementary archive) corresponds to the record of the current table Tw, at least one attribute of which was modified in step 331. Each field of the line created within the new flat file FFw-3 corresponds to each attribute (except for the UK attribute) of said modified record, the value of each of said attributes being encrypted by the new encryption/decryption key created. If a unit archive FFw-3 already exists, and can be completed, then step 332 consists of adding an elementary archive to the existing unit archive (for example until a predefined number of lines and/or volume is obtained). It may seem surprising to be able to modify a unitary archive in this way when the invention aims to not modify the unitary archives. In fact, such an archive having been created by the application implementing a data management method 10 according to the invention, the requests formulated by coercive controls do not require the use of a tax archive. This tax archive would only be required if the application implementing a data management method 10 according to the invention were to be decommissioned. Consequently, the creation of FFw-3 is only really required upon decommissioning of the application implementing a data management method 10 according to the invention. Storing the information in the form of a “tax archive” FFw-3 simplifies the development of the application implementing a data management method 10 according to the invention insofar as the data thus created can also be the subject of subsequent processing 300.

Such a subprocessing 300-U also comprises a step 333 of updating the associative container (for example, in the advantageous form of an associative table) CTw associated with the data container Tw (for example, in the advantageous form of a current table). This updating of said associative table CTw consists more precisely in the erasure of the attribute CK, designating the encryption/decryption key previously used to create the unitary archive (for example, in the advantageous form of a flat file) FFw-2, in the record of said associative table CTw which corresponds to or which is associated with the record updated in the data container Tw in response to the instruction USP.

• un attribut UK pour contenir la clé unique désignant ledit enregistrement du conteneur de données Tw qui a été mis à jour ;
• des attributs pour respectivement désigner la nouvelle archive unitaire FFw-3 et l’archive élémentaire de cette dernière qui a été initialisée à l’étape 332 ;
• un attribut désignant la clé de chiffrement/déchiffrement utilisée pour chiffrer les champs de l’archive élémentaire dans l’archive unitaire FFw-3 (c’est-à-dire les champs d’une ligne d’un fichier plat lorsque l’archive unitaire FFw-3 consiste en un tel fichier plat). Ce chiffrement peut ne pas être obligatoire. Il est avantageusement mis en œuvre, afin que le processus 300 s’applique également à la modification de données contenues dans l’archive unitaire FFw-3, des solutions alternatives d’implémentation pourraient être envisagées sans la nécessité du chiffrement des archives élémentaires dans l’archive unitaire FFw-3.

Said step 333 further consists in creating, in said associative container CTw, a new record associated with said updated record in the data container Tw. This new record of said associative container CTw mainly comprises:

• a UK attribute to contain the unique key designating said record of the Tw data container that was updated;
• attributes to respectively designate the new FFw-3 unit archive and the elementary archive of the latter which was initialized in step 332;
• an attribute designating the encryption/decryption key used to encrypt the fields of the elementary archive in the FFw-3 unitary archive (i.e. the fields of a line of a flat file when the FFw-3 unitary archive consists of such a flat file). This encryption may not be mandatory. It is advantageously implemented, so that the process 300 also applies to the modification of data contained in the FFw-3 unitary archive, alternative implementation solutions could be envisaged without the need for encryption of the elementary archives in the FFw-3 unitary archive.

When, like the example described by the , the associative container CTw (for example, in the advantageous form of an associative table) comprises accessory attributes CD, ED for recording the respective timestamps of the creation of the entry in said table CTw and of the creation of the encrypted elementary archive in the unitary archive FFw-3, or even accessory attributes CID and EID for recording the identifiers of the persons having been at the origin of said creations, the step 333 of creation, in said associative table CTw, of a new record associated with said updated record in the data container Tw, further consists, for consistency, in initializing said accessory attributes CD, CID, ED, EID in connection with the creation and encryption of the elementary archive of the unitary archive FFw-3. Thus, such accessory attributes CD and ED, as well as CID and EID, are identical two by two and designate respectively the time of creation of the elementary archive in said unitary archive FFw-3 (or of the creation of the record in the associative table CTw) and the person at the origin of the USP instruction to update the record in the data container Tw.

The associative container CTw thus modified in step 333, directly or indirectly links the new encryption/decryption key that was used to create said elementary archive within the unitary archive FFw-3, the elementary archive within the latter and the record of the updated data container Tw. Thus, a modification of an elementary archive by deleting it, then storing the modified information, with a view to constituting, at the moment or later, a new elementary archive without altering the original unitary archive, also meets the contradictory needs of conservation and updating.

An implementation of such 300-U subprocessing is illustrated by the through the simplified example of data whose import 100 was previously described in connection with figures 3A and 4A and whose prior processing 200 was described in connection with the . The arrangement of said subprocessing 310-U into three sequential steps 331, 332, and 333 is arbitrary insofar as the steps can be performed in parallel or in a different order.

The said presents a data container in the form of a table Tw1 identical to the current table Tw1 illustrated by the , except for the Tw1R1A4 attribute of the Tw1R1 record which was the subject of a USP instruction for modification. Indeed, according to this example, the head office of a French supplier moved from “14, rue de l'océan” to “Place centrale”. This example may be surprising because it does not consist of anonymizing information, but it can be understood as a pseudo-anonymization, making it possible to make a data set usable (for example, for research or marketing purposes) without containing usable personal information. We can see that the unitary archive, in the advantageous form of the flat file FFw1-2, remains unchanged at the end of the 300, 300-U processing. Said presents however the creation of a new unitary archive in the form of a new flat file FFw1-3 which includes an elementary archive, in this case a line FFw1-3R1, comprising, like an elementary archive in the form of a line of the flat file FFw1-2, four fields which correspond respectively to the attributes PID, PC, PN and PA of the modified Tw1R1 record, said attributes being encrypted by means of a new encryption/decryption key CK3 to constitute the fields of said elementary archive FFw1-3R1.

There further illustrates an associative container in the advantageous form of an associative table CTw1 similar to that already described in connection with the . However, following the implementation of subprocessing 300-U, the CTw1R1 record of the CTw1 associative table, associated with the Tw1R1 record which is the subject of the USP instruction under modification, was modified. This modification consists of deleting the value of the CTw1R1A2 attribute (appearing surrounded by a broken line on the ). This attribute previously designated the encryption/decryption key CK1. Thus, although the unitary archive (in the advantageous form of a flat file) FFw1-2 is preserved as is, it is no longer possible to access – via the associative table CTw1 – the clear information relating to the elementary archive FFw1-2R1 of said unitary archive since the CTw1R1 record no longer designates the encryption/decryption key necessary for decrypting said elementary archive FFw1-2R1. On the other hand, said associative table CTw1 includes an additional CTw1R3 record with respect to that described in relation to the .

• un attribut UK, référencé CTw1R3A1 sur la , pour contenir la clé unique « 12345678 » désignant l’enregistrement Tw1R1 de la table courante Tw1, ou plus généralement du conteneur de données, qui a été mis à jour traduisant une archive élémentaire amendée ; le fait de conserver la même clé unique UK assure une meilleure traçabilité des modifications, mais, en variante le champ UK pourrait être recalculé ;
• des attributs CTw1R3A3 et CTw1R3A4 pour respectivement désigner la nouvelle archive unitaire FFw1-3 et la ligne ou archive élémentaire FFw1-3R1 de cette dernière ;
• un attribut CTw1R3A2 désignant la clé de chiffrement/déchiffrement CK3 utilisée pour chiffrer les champs de ladite archive élémentaire FFw1-3R1 de ladite archive unitaire FFw1-3.

The new CTw1R3 record of said associative table CTw1 includes:

• a UK attribute, referenced CTw1R3A1 on the , to contain the unique key "12345678" designating the record Tw1R1 of the current table Tw1, or more generally of the data container, which has been updated translating an amended elementary archive; keeping the same unique key UK ensures better traceability of modifications, but, alternatively the UK field could be recalculated;
• attributes CTw1R3A3 and CTw1R3A4 to respectively designate the new unit archive FFw1-3 and the line or elementary archive FFw1-3R1 of the latter;
• a CTw1R3A2 attribute designating the encryption/decryption key CK3 used to encrypt the fields of said elementary archive FFw1-3R1 of said unitary archive FFw1-3.

As mentioned above, such a new CTw1R3 record of the associative table CTw1, associated with the Tw1R1 record updated in the current table Tw1, may include accessory attributes CD, CID, ED, EID linked to the elementary archives of said unitary archive FFw-3, as indicated in the . In this case, the attributes CD and ED designate the timestamp ts5 of the creation of said record CTw1R3 and the attributes ED and EID designate (by the identifier U030) the person at the origin of the instruction to update the record Tw1R1 in the current table Tw1.

After implementing subprocessing 300-U, the associative table CTw1 provides the link between records Tw1R1 and Tw1R2 of the current table Tw1 and the work files FFw1-2 and FFw1-3. More precisely, the first line FFw1-3R1 of the flat file FFw1-3, whose fields can be deciphered using the encryption/decryption key CK3, is associated with record Tw1R1 of the current table Tw1. The second line FFw1-2R2 of the flat file FFw1-2, whose fields can be deciphered using the encryption/decryption key CK2, is associated with record Tw1R2 of the current table Tw1. The CTw1R1 record of the CTw1 associative table is no longer useful for traceability purposes and could be archived.

The situation would have been the same if the USP instruction when modifying a record of a Tw1 data container had concerned the deletion of the name of a reference person, as designated by the PN attribute to comply with GDPR rules, for example.

As indicated by the , the invention provides that a data management method 10 may comprise a processing 400 aimed at completing the operation of said method 10 and exporting the managed data to a third-party application. An example of such processing 400 is illustrated by the .

The objective of this processing 400 may consist of exploiting an associative container CTw associated with a data container Tw, to constitute a unitary archive (for example in the form of a flat file) of output FFo from the encrypted unitary work archives FFw.

Such processing 400 may comprise a first iterative step 401 of reading any record of such an associative container CTw (for example, in the advantageous form of an associative table) comprising an attribute UK designating an encryption/decryption key CK. When a unitary work archive FFw is in the advantageous form of a flat work file, for each record thus selected, a step 402 consists of reading the line of the flat work file FFw designated by the attributes FN and RN (see FIG. 4) of the selected record and decrypting the fields of said read line by exploiting the encryption/decryption key designated (attribute CK) also by the record selected from among the encryption/decryption keys . Such a step 402 then consists in creating, for each record selected within the associative table CTw, a line in a new flat file FFo whose clear fields correspond respectively to said decrypted fields. Such a processing 400 may further comprise a step 404 of recording said output flat file FFo in a data memory DMo of the computer system, such as the computer system 1 according to the . Such a flat file FFo constitutes a unitary output archive, each line of which describes an elementary archive. Such a step 404 may further consist of deleting the encrypted work unitary files or archives FFw in the data memory DMw. Beforehand, the invention provides, according to an optional embodiment, that such processing 400 comprises a verification step 403 of the relevance of said output flat file FFo. In this case, the step 404 of recording in a data memory DMo, or even of deleting the encrypted work files FFw in the data memory DMw, is only implemented if said verification step 403 attests that said flat file FFo is a priori relevant. This situation is symbolized by the link 403-y in . Otherwise (situation symbolized by the link 403-n in ), said flat file FFo is deleted and steps 401 and 402 are implemented again to create a new unitary output archive, in this case, according to this example, a new flat output file FFo. Such a verification step 403 may consist of various operations relating to the flat file FFo, the working files FFw and/or the current tables Tw and associative tables CTw. As an example, said verification 403 may consist of counting the number of records in the associative table CTw used to decipher the fields of a line of a working file FFw and constitute a line of clear fields in said flat output file FFo and then comparing said number of records with the number of lines created in said flat output file FFo. The CTw records corresponding to records deleted within the meaning of step 300-D must not be taken into account. If these two numbers are equal then the flat file FFo is considered (see link 403-y in ) as relevant by step 403. Otherwise (see link 403-n in ), the verification fails. Alternatively and/or additionally, said number of lines created in said output flat file FFo can be compared with the number of non-zero records present in the current table (data container) Tw associated with the associative table CTw used to create said output flat file FFo. If the two numbers are equal, then the output unit archive FFo can be declared relevant at step 403.

There illustrates the result of an implementation of such processing 400 on the simplified example of the data whose import 100 was previously described in connection with FIGS. 3A and 4A, whose prior processing 200 was described in connection with the and whose 300-U update of an attribute of a record was illustrated by the .

By exploiting the associative table CTw1 described in connection with said , only two records CTw1R2 and CTw1R3 have a CK attribute designating a decryption/decryption key, in this case the keys CK2 and CK3. The output flat file FFo1 (unitary output archive) described in , resulting from the implementation of an export processing 400, therefore comprises two lines FFo1R1 and FFo1R2 (elementary archives). The first line FFo1R1, resulting from the exploitation of the CTw1R2 record of the CTw1 associative table, corresponds to the second line of the FFw1-2 file after decryption of the fields using the CK2 encryption/decryption key. The second line FFo1R2, resulting from the exploitation of the CTw1R3 record of the CTw1 associative table, corresponds to the first line of the FFw1-3 file after decryption of the fields using the CK3 encryption/decryption key.

Alternatively, such processing 400 for exporting data contained in a current table Tw1 could consist of browsing the records of the latter and creating a line in said flat output file FFo1 whose fields are those contained in the attributes of said records of said current table Tw1 with the exception of the UK attribute designating a unique key.

More generally, such treatment 400 according to the is thus intended to replace encrypted archive files with plain archive files, also called "plain archive files". This operation is a prerequisite for decommissioning the application implementing a method 10 since a unitary archive can only be used, in the event of coercive control, if it remains readable. The processing 400 illustrated by the does not present all of the necessary and sufficient steps to decommission an application implementing a data management method 10 according to the invention. Indeed, the data containers managed by such an application would be the subject of the creation of unit archives according to an auditable process, the clear archives would be taken as is as well as all documents associated with indexes (designation data) when these documents have not been deleted. Thus, a processing 400 according to the mainly describes a process for providing clear unitary archives, subsequent to the last modifications applied by one or more iterations of a processing 300 before a shutdown or decommissioning of the application implementing a data management method 10 in accordance with the invention.

The processing operations 100, 200, 300 and 400 have been described in connection with FIGS. 2 to 11, through examples relating to data whose import constitutes only a single data container, in this case a current table, Tw and a single associative container, in this case an associative table CTw, for simplification purposes. When said imported data comes from a plurality of unitary input archives FFi, for example in the form of a plurality of flat input files, such an import can result in the creation of a plurality of data containers or current tables Tw and therefore associative tables CTw. Said processing operations 200, 300 and 400 then iteratively relate to said pluralities of data containers Tw and associative containers CTw. In other words, there may be several data containers (several common tables for example), and for each data container, there may be several unit archives (in the advantageous form respectively of several flat files FFi and FFw) according to n-m relations and not only by 1-1 or even 1-n relations. Alternatively, a single global associative container CTw could be created and used to designate any record of any data container Tw. Finally, some data containers Tw and associative CTw could constitute only one and the same entity in the data memory concerned DMw.

Claims (17)

Method (10) for data management designed to be implemented by a processing unit (PU) of a computer system (1) also comprising a first data memory (DMw) accessible in reading and writing by said processing unit (PU), said method (10) being characterized in that said data are stored in clear text in a first unitary archive (FFw-1) within the first data memory (DMw) of said computer system (1), said first unitary archive (FFw-1) comprising one or more elementary archives (FFw-1R1, FFw-1R2, FFw-1R3, …, FFw-1Rm) each comprising one or more fields (FFw-1RxCn) and in that said method (10) comprises:

• a step (100, 105) of creating, in said first data memory (DMw), a data container (Tw) whose records (TwR1, TwR2, TwR3, …, TwRm) respectively describe the elementary archives (FFw-1R1, FFw-1R2, FFw-1R3, …, FFw-1Rm) of said first unitary archive (FFw-1) and for which a record attribute (TwRxAn) corresponds to an elementary archive field (FFw-1RxCn), each record of said data container (Tw) further comprising an additional attribute (TwRxAUK) whose value (UK1, UK2, UK3, UKm) consists of a unique key identifying the information contained in a record of said data container (Tw);
• a step (105) of creating, in said first data memory (DMw), an associative container (CTw) comprising a record (CTwR1, CTwR2, CTwR3, …, CTwRk) associated with each record (TwR1, TwR2, TwR3, …, TwRm) of the data container (Tw), each record of said associative container comprising an attribute (UK) for containing the unique key designating the record of the data container which is thus associated with it, attributes for respectively designating the first unit archive (FFw-1) and the elementary archive of the latter from which the record of the data container (Tw) was initialized;
• a step (203):
  • of creation, in the first data memory (DMw):
    • of as many encryption/decryption keys ( ) that there are records in the data container (Tw);
    • of a second unit archive (FFw-2, FFw1-2) from the first unit archive (FFw-1, FFw1-1) and said encryption/decryption keys ( ) such that each field (FFw1-2R1F1) of the same elementary archive (FFw1-2R1) of said second unitary archive (FFw-2, FFw1-1) results from an encryption operation of the corresponding field (FFw1-2R1F1) of the same elementary archive (FFw1-1R1) of said first unitary archive (FFw-1, FFw1-1) by one (CK1) of said encryption/decryption keys ( ) ;
  • updating an attribute (CK) in the record (CTwR1, … CTwRk) of the associative container (CTw) associated with the record (Tw1R1, …, TwRm) of the data container (Tw) so that said attribute (CK) designates the encryption/decryption key (CK1) used to encrypt the fields of the elementary archive of said first unitary archive (FFw-1, FFw1-1);
• a step (206) of deleting the first unit archive (FFw-1, FFw1-1) in the first data memory (DMw).

Method (10) according to the preceding claim, for which:

• the data are initially stored in clear text in a third-party unit archive, called the “input unit archive” (FFi) within a second data memory (DMi) of said computer system (1), said third-party unit archive (FFi) comprising one or more elementary archives each comprising one or more attributes;
• the method (10) comprises a first step (101) of reading the input unit archive (FFi) in the second data memory and of creating (102) in the first data memory (DMw) the first unit archive (FFw-1) from said input unit archive (FFi) so that said first unit archive (FFw-1) and the input unit archive (FFi) are identical.

Method (10) according to claim 1 or 2, for which, when said method (10) comprises an update processing (300) consisting of a deletion (300-D) of a record (Tw1R1) of the data container (Tw) describing an elementary archive, said processing (300, 300-D) comprises a step (321) of erasing the attribute (CK, CTw1R1A2) designating the encryption/decryption key in the record (CTw1R1) of the associative container (CTw, CTw1) corresponding to said record (Tw1R1) of the data container (Tw, Tw1). Method (10) according to claim 1 or 2, for which, when said method (10) comprises an update processing (300) consisting of a modification (300-U) of an attribute (Tw1R1A4) of a record (Tw1R1) of the data container (Tw, Tw1) describing an elementary archive, said processing (300, 300-U) comprises:

• a step (331) of updating said attribute (Tw1R1A4) in the data container (Tw, Tw1);
• a step of creating (332) an encryption/decryption key (CK3) and a third unitary archive (FFw-3, FFw1-3) of which an elementary archive (FFw1-3R1) corresponds to the record (Tw1R1) of the data container (Tw, Tw1) whose attribute (Tw1R1A4) has been modified and for which each elementary archive field corresponds to each attribute of said record (Tw1R1) encrypted by the encryption/decryption key (CK3) previously created;
• a step (333):
  • deleting the attribute (CK, CTw1R1A2) designating the encryption/decryption key in the record (CTw1R1) of the associative container (CTw, CTw1) corresponding to the updated record of the data container (Tw, Tw1);
  • of creating, in said associative container, a new record (CTw1R3) associated with the record (Tw1R1) updated in the data container (Tw, Tw1), the new record of said associative container (CTw, CTw1) comprising:
    • an attribute (UK, CTw1R3A1) to contain the unique key (UK) designating said record (Tw1R1) of the data container (Tw, Tw1) which was updated,
    • attributes (CTw1R3A3, CTw1R3A4) to respectively designate the third unit archive (FFw-3, FFw1-3) and the elementary archive (FFw1-3R1) of the latter which has just been initialized,
    • an attribute (CTw1R3A2) designating the encryption/decryption key (CK3) used to encrypt the fields of the elementary archive (FFw1-3R1) of said third unitary archive (FFw-3, FFw1-3).

Method (10) according to any one of the preceding claims, comprising a data export processing (400) comprising:

• a step (401) of reading any record of the associative container (CTw) comprising an attribute (UK) designating an encryption/decryption key (CK);
• a step (402) of:
  • reading the elementary archive of the unitary archive (FFw-2, FFw-3) jointly designated by said record read within the associative container (CTw);
  • decryption of the fields of said elementary archive read from the encryption/decryption key also designated by the record read in the associative container (CTw);
  • creation of an elementary archive (FFo1R1, FFo1R2) in a fourth unitary archive, called “output unitary archive” (FFo, FFo1) whose fields correspond respectively to said decrypted fields of the elementary archive (FFw-2, FFw-3) read.

Method (10) according to the preceding claim, comprising a step (404) of recording in a third data memory (DMo) of the computer system (1) said unitary output archive (FFo). Method according to the preceding claim comprising a step of verifying (403) the relevance of said unitary output archive (FFo), the step of recording in a third data memory (DMo) only being implemented if (403-y) said verification step (403) attests that said unitary output archive (FFo) is relevant. Method (10) according to claim 2, comprising a step (103) of verifying the relevance of the first unitary archive (FFw-1, FFw1-1) created, prior to the implementation of the step of creating (105) the data container (Tw, Tw1) and/or the step (105) of creating the associative container (CTw, CTw1), at least one of these two creation steps (105) being implemented only if (103-y) said verification step (103) attests that said first unitary archive (FFw-1, FFw1-1) conforms to the input unitary archive (FFi), said first unitary archive (FFw-1, FFw1-1) being deleted (104) from the first data memory (DMw) and the step of creating (102) in said first data memory (DMw) a first archive unitary (FFw-1) from the input unitary archive (FFi) being implemented again in the opposite case (103-n). Method (10) according to the preceding claim, for which the step (103) of verifying the relevance of the first unit archive (FFw-1, FFw1-1) consists of comparing redundancy codes (Hi, H1) respectively and previously calculated from the input unit archive (FFi, FFi1) and the first unit archive (FFw-1, FFw1-1). Method (10) according to any one of the preceding claims, comprising a step of verifying (204, 205) the relevance of the second unitary archive (FFw-2, FFw1-2) created with respect to the first unitary archive (FFw-1, FFw1-1) prior to the implementation of the step (206) of deleting the first unitary archive (FFw-1, FFw1-1) in said first data memory (DMw), said verification step (204, 205) consisting of:

• decrypting (204) the fields of each elementary archive of the second unitary archive (FFw-2, FFw1-2) using the encryption/decryption key designated in the record which is associated with said elementary archive in the associative container (CTw, CTw1) and creating an elementary archive of clear fields in a fifth unitary archive (FFw-2');
• assess the conformity (205) of said fifth unit archive (FFw-2') to said first unit archive (FFw-1, FFw1-1);

the step (206) of deleting the first unit archive (FFw-1, FFw1-1) in the first data memory (DMw), being implemented only if (205-y) said step of verifying (205) the relevance of said second unit archive (FFw-2, FFw1-2) attests that said fifth unit archive (FFw-2') is consistent with the first unit archive (FFw-1), said method (10) comprising, in the opposite case (205-n), a step of deleting (207) in the first data memory (DMw), said second unit archive (FFw-2) and said fifth unit archive (FFw-2') causing a new implementation of the step of creating (203) a second unit archive (FFw-2) from the first unit archive (FFw-1, FFw1-1) and keys of encryption/decryption ( ). Method (10) according to the preceding claim, for which the step (205) of verifying the relevance of the second unitary archive (FFw-2, FFw1-2) created with respect to the first unitary archive (FFw-1, FFw1-1) consists of comparing redundancy codes (H1, H2’) respectively and previously calculated from the first (FFw-1) and fifth (FFw-2’) unitary archives. Method (10) according to any one of the preceding claims, for which the step (203) of creating a second unitary archive (FFw-2, FFw1-2) is only implemented if (202, 202-y) data contained in the first unitary archive (FFw-1) are concerned by contradictory obligations of conservation and updating. Method according to any one of the preceding claims, for which each unitary archive consists of a flat file, each elementary archive of which consists of a line of said flat file. A method according to any preceding claim, wherein the data container (Tw) consists of a current table and an associative container (CTw) consists of an associative table. Computer program product comprising one or more program instructions executable by the processing unit (PU) of a computer system (1), said program instructions being loadable into a non-volatile memory of said computer system (1) and the execution of which by said processing unit (PU) causes the implementation of a method (10) according to any one of the preceding claims. Computer-readable storage medium comprising the instructions of a computer program product according to the preceding claim. Computer system (1) comprising a processing unit (PU), a memory comprising the program instructions of a computer program product according to claim 15.