Principe de finalité, protection des renseignements personnels et secteur public : étude sur la gouvernance des structures en réseau / Purpose principle, personal data protection and public sector : study on network-based structures governance

Duaso Calés, Rosario

14 October 2011

La question de la protection des renseignements personnels présente des enjeux majeurs dans le contexte des réseaux. Les premières lois en la matière au Canada et en Europe avaient pour base une série de principes qui sont encore aujourd’hui d’actualité. Toutefois, l’arrivée d’Internet et des structures en réseau permettant l’échange d’un nombre infini d’informations entre organismes et personnes ont changé la donne et induisent de nouveaux risques informationnels. Le principe de finalité, pierre angulaire des systèmes de protection des renseignements personnels, postule le caractère adéquat, pertinent et non excessif des informations collectées par rapport à l’objet du traitement et exige qu’elles soient uniquement utilisées à des fins compatibles avec la finalité initiale. Nous retracerons l’historique de ce principe et analyserons la manière dont la doctrine, la jurisprudence et les décisions du CPVPC comme de la CNIL ont contribué à délimiter ses contours. Nous étudierons comment ce principe se manifeste dans la structure en réseau de l’administration électronique ou du gouvernement électronique et nous relèverons les nouveautés majeures que présente l’État en réseau par rapport au modèle d’État en silo, ainsi que la nécessité d’une gouvernance adaptée à cette structure. Nous examinerons également la présence de standards juridiques et de notions à contenus variable dans le domaine de la protection des renseignements personnels et nous tenterons de montrer comment la finalité, en tant que principe ou standard, a les capacités de s’adapter aux exigences de proportionnalité, d’ajustement et de mutation continuelle qui sont aujourd’hui au coeur des défis de la gouvernance des réseaux. Finalement, il sera question de présenter quelques pistes pour l’adoption de mécanismes d’adaptation « réseautique » pour la protection des renseignements personnels et de montrer dans quelle mesure ce droit, capable de créer un cadre de protection adéquat, est également un « droit en réseau » qui possède tous les attributs du « droit post-moderne », attributs qui vont rendre possible une adaptation propre à protéger effectivement les renseignements personnels dans les structures, toujours changeantes, où circulent aujourd’hui les informations. / Personal data protection poses significant challenges in the context of networks. The first laws on this matter both in Canada and in Europe were based on a series of principles that remain valid today. Nevertheless, Internet and the development of network-based structures that enable infinite exchange of information between institutions and individuals are changing the priorities and, at the same time, present new risks related to data protection. The purpose principle,which is the personal data protection systems cornerstone, stresses the relevance and adequate yet not excessive nature of the collected information vis à vis the objective of data collection. The purpose principle also requires that the information shall not further be processed in a way incompatible with the initial purpose. We will describe the origins and evolution of this principle, as well as its present relevance and scope analysing the doctrine, jurisprudence and decisions of theOffice of the Privacy Commissioner in Canada and of the Commission nationale de l’informatique et des libertés (CNIL) in France. We will also examine how this principle is reflected in the network structure of the digital administration and of the electronic government. We will also underline the differences between a network based State and a « silo-based » State, each needing its structure of governance. Within the context of personal data protection, we will explore the presence of legal standards and of concepts with a changing nature. An effort will be made to highlight how purpose, be it as a principle or as a standard, has the capacity to adapt to the requirements of the core principles of the current network governance, such as proportionality, adjustment and continuous mutation. Finally, the objective is to reflect on some personal data protection network adaptation mechanisms, and to demonstrate how personal data protection can work in a network that includes all« post-modern law » elements that allow for true adaptation for effective personal data protection within the ever changing structures where data is being exchanged.

Protection des renseignements personnels

Vie privée

Gouvernement électronique

Internet

Standard juridique

Principe de finalité

Réseau

Gouvernance

France

Canada

Personal data protection

Privacy

Electronic government

Internet

Legal standard

Purpose principle

Network

Governance

France

Canada

Assessing information security compliant behaviour using the self-determination theory

Gangire, Yotamu

02 1900

Information security research shows that employees are a source of some of the security incidents in the organisation. This often results from failure to comply with the Information Security Policies (ISPs). The question is, therefore, how to improve information security behaviour of employees so that it complies with the ISPs. This study aims to contribute to the understanding of information security behaviour, especially how it can be improved, from an intrinsic motivation perspective. A review of the literature suggested that research in information security behaviour is still predominantly based on the extrinsic perspective, while the intrinsic perspective has not received as much attention. This resulted in the study being carried out from the perspective of the self-determination theory (SDT) since this theory has also not received as much attention in the study of information security behaviour. The study then proposed an information security compliant behaviour conceptual model based on the self-determination theory, (ISCBMSDT). Based on this model, a questionnaire, the ISCBMSDT questionnaire, was developed using the Human Aspects of Information Security Questionnaire and SDT. Using this questionnaire, a survey (n = 263) was carried out at a South African university and responses were received from the academic, administrative and operational staff. The following statistical analysis of the data was carried out: exploratory factor analysis, reliability analysis, analysis of variance (ANOVA), independent samples test (t-tests) and Pearson correlation analysis. The responses to the survey questions suggest that autonomy questions received positive perception followed by competence questions and relatedness questions. The correlation analysis results show the existence of a statistically significant relationship between competence and autonomy factors. Also, a partial significant relationship between autonomy and relatedness factors as well as between competence and relatedness factors was observed. The exploratory factor analysis that was performed on the questionnaire produced 11 factors. Cronbach alpha was then computed for the eleven factors and all were found to be above 0.7, thus suggesting that the questionnaire is valid and reliable. The results of the research study also suggest that competence and autonomy could be more important than relatedness in directing information security behaviour among employees. / School of Computing / M. Tech. (Information Technology)

Information security policies (ISP)

Information security policy compliance

Self-determination theory

Intrinsic motivation

005.80711

Information policy -- South Africa

Trendy, vývoj a percepce v kontextu programatické reklamy / Trends, development and perception in the context of programmatic advertising

Cahlík, Zdeněk

January 2019

The diploma thesis is focused on the area of Internet media, namely the monetization of advertising, which Internet provides through the programmatic purchase of an internet advertisements that are focused on Real Time Bidding (RTB). The theoretical part deals with a brief analysis of the US media landscape, especially the phenomenon of the programmatic way of buying online advertisements in connection with technological development and optimization strategies in the Internet environment. It represents the emergence of the programmatic purchase, deals with the various forms of online advertising and its development. There is an introduction to two different online media strategies of banking institutions, which are further explored within the exploratory comparative technique - experiment in the practical part. This section focuses on changing technical settings, along with changing ad buying when changing key settings as a part of the ad serving campaign. The aim of the diploma thesis is to introduce the possibilities offered by programmatic advertising within online media in the Czech Republic. It summarizes knowledge in the context of the development of electronic advertising in the application of the two online media strategies of the banking institution.

Determination of system and processes employed by the property industry to manage information ethics in Gauteng South Africa

Moropane, Itumeleng Vanessa

10 1900

The South African property sector is characterised by property practitioner firms that fail to comply with the Estate Agency Affairs Board (EAAB) code of conduct and firms having inefficient systems which are unable to combat hacking and cybercrime in the sector. Although property practitioner firms have systems and processes in place, there are still instances of unethical behaviour. Failure to prevent client personal information from being leaked is still a major problem in the sector, this issue can be addressed by demonstrating due diligence with respect to safeguarding sensitive information. The accuracy of information is also a problem in the sector and requires firms to resort to analysing collected data before capturing it, in order to maintain accuracy. The sector encounter illegal access to systems including breaking the password protected websites and password protection on a computer system. The objectives for this study were to investigate the extent to which firms enforce Information Ethics (IE), explore the systems and processes put in place by firms to enforce IE and to explore the challenges experienced by the firms in the Gauteng province when enforcing IE. The study was qualitative in nature and indepth interviews were conducted to gather information from five managers and five employees within the firm situated in Gauteng province. The study found that these property practitioner firms enforce IE to a certain extent. These firms use (22) systems and processes to enforce IE and experienced (5) challenges during the enforcement of IE. The study concludes that these property practitioner firms enforce IE using different systems and processes and experience challenges during enforcement. The list of IE enforcement systems and processes and challenges identified in this study will assist policy makers in compiling IE policies. The findings will also assist firms in IE enforcement and reduction of IE enforcement challenges. / Business Management / M. Com. (Business Management)

Information ethics

Privacy management systems and processes

Ethical challenges and dilemmas

Property practitioner firms

Property industry

Cybercrime

658.4038096822

Trendy, vývoj a percepce v kontextu programatické reklamy / Trends, development and perception in the context of programmatic advertising

Cahlík, Zdeněk

January 2019

The diploma thesis is focused on the area of Internet media, namely the monetization of advertising, which Internet provides through the programmatic purchase of an internet advertisements that are focused on Real Time Bidding (RTB). The theoretical part deals with a brief analysis of the US media landscape, especially the phenomenon of the programmatic way of buying online advertisements in connection with technological development and optimization strategies in the Internet environment. It represents the emergence of the programmatic purchase, deals with the various forms of online advertising and its development. There is an introduction to two different online media strategies of banking institutions, which are further explored within the exploratory comparative technique - experiment in the practical part. This section focuses on changing technical settings, along with changing ad buying when changing key settings as a part of the ad serving campaign. The aim of the diploma thesis is to introduce the possibilities offered by programmatic advertising within online media in the Czech Republic. It summarizes knowledge in the context of the development of electronic advertising in the application of the two online media strategies of the banking institution.

Securing sensor network

Zare Afifi, Saharnaz

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / A wireless sensor network consists of lightweight nodes with a limited power source. They can be used in a variety of environments, especially in environments for which it is impossible to utilize a wired network. They are easy/fast to deploy. Nodes collect data and send it to a processing center (base station) to be analyzed, in order to detect an event and/or determine information/characteristics of the environment. The challenges for securing a sensor network are numerous. Nodes in this network have a limited amount of power, therefore they could be faulty because of a lack of battery power and broadcast faulty information to the network. Moreover, nodes in this network could be prone to different attacks from an adversary who tries to eavesdrop, modify or repeat the data which is collected by other nodes. Nodes may be mobile. There is no possibility of having a fixed infrastructure. Because of the importance of extracting information from the data collected by the sensors in the network there needs to be some level of security to provide trustworthy information. The goal of this thesis is to organize part of the network in an energy efficient manner in order to produce a suitable amount of integrity/security. By making nodes monitor each other in small organized clusters we increase security with a minimal energy cost. To increase the security of the network we use cryptographic techniques such as: public/ private key, manufacturer signature, cluster signature, etc. In addition, nodes monitor each other's activity in the network, we call it a "neighborhood watch" In this case, if a node does not forward data, or modifies it, and other nodes which are in their transmission range can send a claim against that node.

Cluster-Base Network

Threshold Signature

Data Aggregation

Wireless Network

Ad-hoc Network

Neighborhood Watch

Threshold signatures -- Research

Computer networks -- Security measures

Wireless communication systems

Wireless LANs

Group signatures (Computer security)

Data protection

Computer security -- Management

Sensor networks -- Research

Pattern recognition systems

Computers -- Access control

Computer network protocols

美國財務資訊隱私權保護規定之研究 / A Study of American Regulations on the Protection of Credit Information Privacy

陳妍沂, Chen,Yen Yi

Unknown Date

本研究探討金融機構對於客戶個人資料之蒐集與處理,所涉及之個人資訊隱私權保護議題,分為三個面向,第一是金融機構本身對於客戶個人資料之處理,尤其是金融集團內部之個人資料分享,或將個人資料提供予他人使用,第二是政府機關向金融機構要求提供客戶資料時,涉及之個人資訊隱私權保護,第三是信用資料機構對於個人資料之處理,例如我國之金融聯合徵信中心,或美國之信用報告機構對於消費者信用報告之蒐集與流通使用. 本研究所探討之法規,包括:美國金融服務業現代化法案第五章,美國財務隱私權法,美國公平信用報告法,我國電腦處理個人資料保護法,銀行法第四十八條第二項,以及其他金融法令中涉及金融機構對個人資料處理及隱私權保護之規定.最後並將美國規定與我國規定作一比較,參酌國際上對於資訊隱私權保護之立法原則,以及我國常見之資訊隱私權爭議類型,對我國金融機構之財務資訊隱私權保護規範,提出修法方向建議. / 隨著資訊科技之發展，個人資料之流通較以往普遍且迅速，加以在商業社會中，個人資訊具有行銷方面之商品價值，常成為交易標的之內容，因此保護個人資訊隱私權，已成為各國政府共同努力的目標之一。 隱私權的概念係起源於美國，其在金融業所適用之個人財務資訊隱私權方面所提供之保障程度如何，為本研究所探討之主題，所涉及之法規，包括：美國金融服務業現代化法案、財務隱私權法、公平信用報告法。 研究結果發現，美國1999年通過之金融服務業現代化法案，雖訂有隱私權保護專章，但主要規定係要求金融機構應提供顧客隱私權保護政策通知，以及在將個人資料提供予金融集團外第三人時，應提供顧客選擇退出之機會，並未涵蓋國際上認為資訊隱私權保護應包括之各種面向，且其對於金融集團運用個人資料之限制較少，消費者控制個人資訊之權利較為不足，當金融機構違反規定時，消費者亦無向金融機構提起民事訴訟求償之權利，顯示美國在金融集團之個人資料運用方式，較重視金融集團運用個人資料所能產生之經濟效益，對於個人資訊隱私權僅提供有限程度之保障。 美國1978年財務隱私權法，係規定求政府在向金融機構要求提供顧客財務紀錄時，應遵守法定程序，包括：以法定職掌所需之攸關性資料為限，必須向顧客進行通知，使其瞭解受調查之性質以及個人資料被使用情形，個人並有提出異議以阻止政府取得其財務紀錄之機會，若政府或金融機構違反規定而取得或提供其財務紀錄，個人得向政府或金融機構提起民事訴訟求償。雖然仍有學者對該規定所提供之保障範圍或者個人行使權利之便利性，提出些微批評，但整體而言，該規定促使政府部門在向金融機構要求提供顧客財務紀錄時，應自行檢視符合法定程序，且受到司法監督，對於政府所進行之調查程序，已提供較合理之個人資訊隱私權保障。 美國公平信用報告法，係因其商業化的信用資訊機構，在蒐集與流通個人資料時，有過度侵害個人資訊隱私權之虞，故於1970年通過該法案，其後歷經1996年及2003年之修正。該法規定消費者報告機構（即信用資訊機構）、消費者報告使用者、個人資料提供者應遵循之義務，以及消費者得享有之權利，用以維護個人資訊隱私權之方法，主要是限制消費者報告僅得提供予具有合法用途之報告使用者，以及儘可能的維護個人資料之正確性，以免報告使用者依據錯誤的資料，作成相關交易決定，而損及個人之權益。該法案呈現出美國對於個人資料之態度，是認為個人資料之流通使用，對於商業交易之順利進行以及經濟發展，甚至個人順利取得融資，均有助益，故不應予以嚴格限制，以享受資訊產生之價值，但另一方面提供個人得以知悉其個人資料內容、得以提出資料更正要求、報告使用者對個人作成不利交易決定時須通知報告當事人，用這些機制，來使個人有機會確保其資料之正確性，使其在商業交易中得以受到公平合理之信用評價。 本研究最後亦就我國相關規定加以檢視，並與美國規定作一比較，結果發現，我國由於早在民國84年即已通過電腦處理個人資料保護法，對於個人資訊隱私權已提供全面性之保障，僅須對於金融業或信用資訊機構部分，再補充較為詳細的行政規定，即可減少金融業之個人資訊隱私權爭議；至於政府向金融機構要求提供顧客財務紀錄之規定，我國目前係以行政函令加以規範，且採取非公開原則，民眾尚無從知悉其個人資料被政府調閱取用之情形，此部分我國之個人資訊隱私權保障，主要係仰賴政府部門之自我監督，其對個人資訊隱私權之保障程度較難以評估。 本研究對於我國金融業財務隱私權保護規範之主要建議，包括：（1）針對金融業之資料保護進行領域專精化之法令規範，（2）設置專責「資料保護監察人」制度監督政府個人資料保護行為，並確保人民隱私權受侵害之救濟，（3）改善金融機構向客戶通知其個人資料蒐集與運用事宜之程序，（4）對於政府取得金融機構客戶資料提供更完善之程序性保障，（5）對於金融聯合徵信中心蒐集處理個人資料賦予更明確之法律地位及規範。

資訊隱私權

個人資料保護

電腦處理個人資料保護法

信用報告

隱私權

公平信用報告法

財務隱私權法

個人資料

information privacy

personal data protection

GLB Act

credit reports

privacy

Fair Credit Reporting Act

FCRA

Right to Financial Privacy Act

銀行國際傳輸客戶資料保護規範--以英國法為中心 / The study of the regulations on the protection of international data transfers in U.K. banks

林詩韻, Lin, Shih Yun

Unknown Date

隨著資訊技術之快速發展及受到金融交易全球化之影響，在營運模式及法令遵循之需求下，使得銀行業將客戶個人資料跨境傳輸至其他國家之公務或非公務機關所產生之資料保護或對資訊隱私權衝擊等議題漸增。為調和不同國家間對於個人資料保護文化及規範程度之差異，各國及各國際組織間均致力於如何在不影響商業交易需要、個人資料隱私安全及資訊自由流通之前提下，經由適當法律規範對於資料管理者國際傳輸個人資料之行為，予以適當控管。 隱私權之概念雖起源於美國，惟現行各國對於個人資料國際傳輸保護規範仍以歐盟委員會於1995年發布之個人資料隱私保護指令（Directive 95/46/EC）最為重要且影響層面較大。在歐盟指令仍須各會員國將其轉化為國內法，始得有效執行之前提下，本研究以金融服務產業發展較為領先之國家—英國，以英國銀行業適用之個人資料國際傳輸保護規範為研究主題，所涉法規包括：歐盟指令、英國1998年資料保護法（Data Protection Act, DPA）及英國金融服務業適用之相關規範等。 研究結果發現，英國1998年資料保護法在參照歐盟指令之相關規範下，對於資料管理者將個人資料國際傳輸已訂有相關限制規定及如何符合相關豁免規定之作業流程及評估程序，英國專責資料保護之監理機關（資訊自由及保護委員會），並已依據歐盟指令，發布規定授權英國企業得採用標準契約範本及經其個案核准採用共同約束條款，顯示英國對於國際傳輸之個人資料已有一定程度之保障。惟如同歐盟委員會之研究報告所述，英國相對於歐盟其他會員國，並未將國際傳輸規範明訂於資料保護法之本文，對於當事人資訊隱私權保護之法律位階，仍有待加強。 不同於我國係於銀行法明定銀行對客戶資料之保密義務，英國法院認為銀行對於客戶資料之保密責任，原始存在於銀行與客戶間之契約。惟英國與我國相同於金融相關法令中僅針對銀行境外委外所涉之國際傳輸訂有相關監理規範（包括境外委外事先申請核准、申請程序及應檢附之文件），以透過銀行與委外服務供應商之委外契約，確保金融監理機關能跨國有效行使其監理權限，保護當事人之權益，至於銀行因非委外事項，將客戶資料跨境傳輸至其他國家時，仍應回歸適用資料保護法有關國際傳輸之相關規定。 本研究最後就我國與英國對於個人資料國際傳輸相關保護規範之比較結果發現，我國個人資料保護法雖已於99年修正發布（新個資法），但對於國際傳輸之限制規定，修法後雖已明定國際傳輸之定義及加重非公務機關違反國際傳輸規定之罰則，惟未修正其實質規範內容，仍僅授權中央目的事業主管機關於非公務機關有第21條所列四項情形之一時，得限制其進行國際傳輸。在新個資法下，非公務機關對於個人資料之國際傳輸，已無須取得目的事業主管機關登記，並取得執照，雖有利於資料之國際流通，惟為保護當事人個人資料於傳輸後之安全，我國是否尚須其他配套措施，以落實個人資料於國際傳輸層面之保障，值得深思。 本研究對於我國銀行業國際傳輸個人資料保護規範之主要建議，包括（1）宜透過各中央目的事業主管機關對被監理機構之監理及其與相關公益團體間之合作，以強化各界對於個人資料保護之重視，（2）國際傳輸之限制規定應予細緻化，並透過產業自治逐步達成個人資料保護之目的，（3）金融監理機關宜配合個人資料保護法之修正，訂定銀行業國際傳輸之作業規範，（4）宜透過租稅合作協定，在不違反我國個人資料保護法及銀行法之原則下，協助我國金融機構解決美國「外國帳戶稅收遵從法」之實施，衍生對於個人財務資訊隱私權及跨境傳輸個人資料保護之問題。

資訊隱私權

國際傳輸

個人資料保護

標準契約範本

共同約束條款

境外委外

information privacy

international transfer

personal data protection

Standard Contractual Clauses

Binding Corporate Rules

offshore outsourcing

APEC Cross-border Privacy Rules

Confidentialité et prévention de la criminalité financière : étude de droit comparé / Confidentialy and financial crime prevention

Bègue, Guillaume

16 June 2016

La tendance contemporaine vers plus de transparence dans la vie des affaires illustre une désaffection générale pour toute forme de confidentialité. Toutefois, cette dernière bénéficie de traductions juridiques dont les sources lui confèrent une indéniable légitimité. Cette observation doit amener à reconnaître l'existence d'un "principe de confidentialité". La rencontre des normes sur la prévention de la criminalité financière avec le principe de confidentialité est source d'insécurité juridique, non seulement pour les professionnels assujettis aux obligations de lutte anti-blanchiment et contre le financement du terrorisme, mais également pour tous les individus dont les données son traitées dans ce cadre. Ces deux blocs de normes aux logiques contradictoires tendant pourtant vers des objectifs communs : le respect des droits fondamentaux. Néanmoins, les excès liés à l'utilisation potentiellement illicite des outils juridiques offerts par l'un, et les défauts des dispositions constituant l'autre, font obstacle à l'application efficace et mesurée du droit. Cette étude se propose d'analyser ces principes antagonistes pour mieux envisager leur équilibre latent au moyen de solutions préservant leurs intérêts propres et concourant à l'amélioration de la sécurité juridique. Dans cette optique, l'exercice de droit comparé permet de parfaire l'interprétation des obligations de vigilance tout en plaidant la réhabilitation du principe de confidentialité. Il témoigne de l'émergence d'un véritable "droit du blanchiment", et en particulier de son volet préventif qui occupe désormais une place prépondérante dans le domaine de la régulation bancaire et financière. / The recent trend towards transaprency in business highlights a more global disenchantment with the concept of secrecy. The concept of secrecy benefits from various legal expressions whose origins give it as undisputable legitimacy. This observation leads us to recognise the existence of a "Principle of confidentiality". The clash betxeen the rules of Financial Crime prevention and this principle of confidentiality is causing legal uncertainty not only for professional subject to Anti-money laundering and counter-terrorism financing regulations but also gor persons whose data is being processed. These two sets of conflicting rules nevertheless share a common goal, namely to ensure respect for fundamental rights. Notwithstanding this, both the risk of abuse of legal instruments offered by one set for illegitimate purposes and the shortcomings attached to the other set potentially hinder the efficient and reasonable use of Law. This study aims at analysing antagonistic principles to reach a certain balance by applying solutions which preserve their respective interests and contribute to legal certainty. In this regard, the comparative law analysis helps better interpret customer due diligence measures whilst rehabilitating the arguments in favour of the principle of confidentiality. This shows the development of e genuine AML/CFT Law and in particular its preventive aspects that form a major part of the Banking and Financial Regulations.

Confidentialité

Secret bancaire

Trust

Sécurité financière

Devoir de vigilance

Déclaration de soupçon

Vie privée

Protection des données

Société

Paradis fiscaux

Obligations professionnelles

Dissimulation

Anonymat

Echange d'information fiscale

Blanchiment de capitaux

Confidentiality

Banking secrecy

Privacy

Data protection

Tax heavens

Trust

Company

Professional measures

Financial crime prevention

Money laundering

Terrorism financing

Financial security

Concealment

Anonymity

Exchange of tax information

Due diligence

Suspicious activity report

343

Information-Theoretic aspects of quantum key distribution

Van Assche, Gilles

26 April 2005

<p>La distribution quantique de clés est une technique cryptographique permettant l'échange de clés secrètes dont la confidentialité est garantie par les lois de la mécanique quantique. Le comportement particulier des particules élémentaires est exploité. En effet, en mécanique quantique, toute mesure sur l'état d'une particule modifie irrémédiablement cet état. En jouant sur cette propriété, deux parties, souvent appelées Alice et Bob, peuvent encoder une clé secrète dans des porteurs quantiques tels que des photons uniques. Toute tentative d'espionnage demande à l'espion, Eve, une mesure de l'état du photon qui transmet un bit de clé et donc se traduit par une perturbation de l'état. Alice et Bob peuvent alors se rendre compte de la présence d'Eve par un nombre inhabituel d'erreurs de transmission.</p><p><p><p>L'information échangée par la distribution quantique n'est pas directement utilisable mais doit être d'abord traitée. Les erreurs de transmissions, qu'elles soient dues à un espion ou simplement à du bruit dans le canal de communication, doivent être corrigées grâce à une technique appelée réconciliation. Ensuite, la connaissance partielle d'un espion qui n'aurait perturbé qu'une partie des porteurs doit être supprimée de la clé finale grâce à une technique dite d'amplification de confidentialité.</p><p><p><p>Cette thèse s'inscrit dans le contexte de la distribution quantique de clé où les porteurs sont des états continus de la lumière. En particulier, une partie importante de ce travail est consacrée au traitement de l'information continue échangée par un protocole particulier de distribution quantique de clés, où les porteurs sont des états cohérents de la lumière. La nature continue de cette information implique des aménagements particuliers des techniques de réconciliation, qui ont surtout été développées pour traiter l'information binaire. Nous proposons une technique dite de réconciliation en tranches qui permet de traiter efficacement l'information continue. L'ensemble des techniques développées a été utilisé en collaboration avec l'Institut d'Optique à Orsay, France, pour produire la première expérience de distribution quantique de clés au moyen d'états cohérents de la lumière modulés continuement.</p><p><p><p>D'autres aspects importants sont également traités dans cette thèse, tels que la mise en perspective de la distribution quantique de clés dans un contexte cryptographique, la spécification d'un protocole complet, la création de nouvelles techniques d'amplification de confidentialité plus rapides à mettre en œuvre ou l'étude théorique et pratique d'algorithmes alternatifs de réconciliation.</p><p><p><p>Enfin, nous étudions la sécurité du protocole à états cohérents en établissant son équivalence à un protocole de purification d'intrication. Sans entrer dans les détails, cette équivalence, formelle, permet de valider la robustesse du protocole contre tout type d'espionnage, même le plus compliqué possible, permis par les lois de la mécanique quantique. En particulier, nous généralisons l'algorithme de réconciliation en tranches pour le transformer en un protocole de purification et nous établissons ainsi un protocole de distribution quantique sûr contre toute stratégie d'espionnage.</p><p><p><p>Quantum key distribution is a cryptographic technique, which allows to exchange secret keys whose confidentiality is guaranteed by the laws of quantum mechanics. The strange behavior of elementary particles is exploited. In quantum mechnics, any measurement of the state of a particle irreversibly modifies this state. By taking advantage of this property, two parties, often called Alice and bob, can encode a secret key into quatum information carriers such as single photons. Any attempt at eavesdropping requires the spy, Eve, to measure the state of the photon and thus to perturb this state. Alice and Bob can then be aware of Eve's presence by a unusually high number of transmission errors.</p><p><p><p>The information exchanged by quantum key distribution is not directly usable but must first be processed. Transmission errors, whether they are caused by an eavesdropper or simply by noise in the transmission channel, must be corrected with a technique called reconciliation. Then, the partial knowledge of an eavesdropper, who would perturb only a fraction of the carriers, must be wiped out from the final key thanks to a technique called privacy amplification.</p><p><p><p>The context of this thesis is the quantum key distribution with continuous states of light as carriers. An important part of this work deals with the processing of continuous information exchanged by a particular protocol, where the carriers are coherent states of light. The continuous nature of information in this case implies peculiar changes to the reconciliation techniques, which have mostly been developed to process binary information. We propose a technique called sliced error correction, which allows to efficiently process continuous information. The set of the developed techniques was used in collaboration with the Institut d'Optique, Orsay, France, to set up the first experiment of quantum key distribution with continuously-modulated coherent states of light.</p><p><p><p>Other important aspects are also treated in this thesis, such as placing quantum key distribution in the context of a cryptosystem, the specification of a complete protocol, the creation of new techniques for faster privacy amplification or the theoretical and practical study of alternate reconciliation algorithms.</p><p><p><p>Finally, we study the security of the coherent state protocol by analyzing its equivalence with an entanglement purification protocol. Without going into the details, this formal equivalence allows to validate the robustness of the protocol against any kind of eavesdropping, even the most intricate one allowed by the laws of quantum mechanics. In particular, we generalize the sliced error correction algorithm so as to transform it into a purification protocol and we thus establish a quantum key distribution protocol secure against any eavesdropping strategy.</p> / Doctorat en sciences appliquées / info:eu-repo/semantics/nonPublished

Sciences de l'ingénieur

Electronique générale

Information theory

Data protection

Quantum computers

Cryptography -- Data processing

Computer security

Data encryption (Computer science)

Source code (Computer science)

Théorie de l'information

Ordinateurs quantiques

Cryptographie -- Informatique

Sécurité informatique

Chiffrement (Informatique)

Programme source (Informatique)

cryptographie quantique

distribution quantique de clés

quantum key distribution

security

reconciliation

source coding

quantum cryptography

privacy amplification

entanglement purification

purification d'intrication

sécurité

théorie de l'information

information theory

quantum information theory

cryptography

réconciliation

cryptographie

codage source

amplification de confidentialité

théorie de l'information quantique