Method and apparatus for machine-learning based profiling
US-9135348-B2 · Sep 15, 2015 · US
US9754128B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9754128-B2 |
| Application number | US-201114368585-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 27, 2011 |
| Priority date | Dec 27, 2011 |
| Publication date | Sep 5, 2017 |
| Grant date | Sep 5, 2017 |
Official abstract text for this publication.
A users' data profiling network implementing a method of dynamic pseudonymization of users for ensuring user privacy, including: receiving at a data node new input data related to a user along with an associated new user pseudonym and an old user pseudonym; in the data node, finding user data record, corresponding to the received new input data, having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym; temporarily storing, in the found user data record, the new input data; setting the dynamic input user pseudonym stored in the user data record equal to the last received new user pseudonym associated with the received input data related to the user; computing and storing an output user data profile in the user data record, and then erasing accumulated new input data from the user data record.
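The record update described in the abstract, as an added Python example that is not code from the patent. Every name here is hypothetical; HMAC-SHA256 with an epoch counter stands in for the unspecified "keyed function" of claim 3, the profile is assumed to be a per-category count, and a missing old pseudonym simply opens a new record instead of running the equivalent-pseudonym lookup the claims describe.

```python
import hashlib
import hmac


def keyed_pseudonym(secret_key: bytes, identity: str, epoch: int) -> str:
    """Keyed pseudonym from an identity and a secret key (assumed: HMAC-SHA256 + epoch)."""
    msg = f"{epoch}:{identity}".encode()
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()[:16]


class DataNode:
    """One record per user, indexed only by the current dynamic input pseudonym."""

    def __init__(self):
        self.records = {}  # pseudonym -> {"pending": [...], "profile": {...}}

    def receive(self, new_data, new_pseudonym, old_pseudonyms):
        """Store new_data and rotate the record's pseudonym; True if a record matched."""
        # Search for a record stored under the old pseudonym or any candidate.
        old = next((p for p in old_pseudonyms if p in self.records), None)
        if old is None:
            # Assumption: open a fresh record instead of the claimed lookup process.
            record = {"pending": [], "profile": {}}
        else:
            record = self.records.pop(old)  # the old pseudonym stops indexing the record
        record["pending"].append(new_data)  # temporary storage of the raw input
        self.records[new_pseudonym] = record  # dynamic pseudonym := last received one
        return old is not None

    def compute_profiles(self):
        """Fold pending inputs into the stored profile, then erase the raw inputs."""
        for record in self.records.values():
            for category in record["pending"]:
                record["profile"][category] = record["profile"].get(category, 0) + 1
            record["pending"].clear()


def demo():
    """Constructed sample run: one user, three pseudonym epochs, three inputs."""
    key = b"constructed-demo-key"
    node = DataNode()
    p = [keyed_pseudonym(key, "alice@example.test", e) for e in range(3)]
    first = node.receive("sports", p[0], [])
    second = node.receive("news", p[1], [p[0]])
    node.compute_profiles()
    third = node.receive("sports", p[2], [p[0], p[1]])  # candidate set of old pseudonyms
    node.compute_profiles()
    return node, p, (first, second, third)
```

After the run the node holds a single record reachable only through the latest pseudonym, with an aggregated profile and no retained raw inputs.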
Opening claim text (preview).
The invention claimed is:

1. A dynamic pseudonymization method for a data profiling network that includes a data node configured to receive input data related to users and to transform said input data into an output user data profile related to the users, said data node comprising user data records that store input data related to the users together with dynamic input pseudonyms of the users, and said data node configured to compute said output user data profile related to a user from said input data and to store the computed output data profile in said user data records thereof, the method comprising: receiving, at said data node, a new input data related to the user along with an associated new user pseudonym and an old user pseudonym that was associated with a previously received input data related to the user in the past, or a set of candidate old user pseudonyms, the new input data received from at least one data source node of the data profiling network, or from at least one other data node of the data profiling network; first searching, in said data node, for a user data record corresponding to the received new input data as said user data record having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym belonging to the received set of candidate old user pseudonyms; storing the new input data in the user data record found in the first searching; setting the dynamic input user pseudonym, stored in said user data record of said data node, to be equal to a last received new user pseudonym associated with the received input data related to the user; ascertaining, by said data node upon when user data record is not found in the first searching that includes the old user pseudonym received along with the new input data or the one user pseudonym received along with the new input data, whether a user data record corresponding to the user already exists, and computing, at given times, said output user data profile by: using the new input data accumulated in said user data record; storing the computed output user data profile in said user data record; and then erasing said accumulated new input data from said user data record, wherein the data profiling network includes at least one pseudonymization node configured to: receive, from the at least one data source node, user identities that identify the user in the at least one data source node, the user identities comprising one or more identifiers of the users known to the at least one data source node; generate user pseudonyms from the received user identities; and provide to the at least one data source node the generated user pseudonyms, said user data record is configured to store input data related to the user received from at least one other data source in the past, and the ascertaining comprises exploiting the old user pseudonym or the set of candidate old user pseudonyms received along with the new input data, and performing a forward flooding process that includes: sending, by said data node forward to all other data nodes connected to the at least one pseudonymization node, a request that includes equivalent pseudonyms of the user; second searching, by said data node when inputs of said data node receives one or more requests that include equivalent pseudonyms from at least one other data node connected thereto, for said user data record storing one of the received equivalent pseudonyms as input user pseudonyms; using, by said data node when said user data record is found in the second searching and said data node is said data node receiving the new input data, the found user data record for storing the received new input data; and continuing the forward flooding process, when said user data record is found in the second searching and said data node is different from said data node receiving the new input data, by sending forward an output user pseudonyms stored in said user data record to all the other data nodes connected to the output of said data node.

2. The method of claim 1, further comprising: generating and storing, by said data node in said user data record, a dynamic output user pseudonym together with the computed output user data profile; and sending said output user data profile to at the least one other data node in the data profiling network, to generate a new value of said dynamic output user pseudonym, substitute the new value of said dynamic output user pseudonym for a previously stored old value of said dynamic output user pseudonym, and send to the at least one other data node both the old and the new values of said dynamic output user pseudonym together with said output user data profile.

3. The method of claim 1, wherein the generated user pseudonyms are generated as random or pseudorandom values, or keyed values generated by a keyed function from user identities and a secret key.

4. The method at claim 3, wherein at least one pseudonymization node encrypts and authenticates the generated user pseudonyms to be provided to the at least one data source node.

5. The method of claim 3, wherein the generated random or pseudorandom user pseudonyms are stored at the at least one pseudonymization node in association with the corresponding user identities.

6. The method of claim 1, wherein the user identities are different for different data source nodes, and the method further comprises providing, in the data profiling network, at least one equivalent user identities managing node that manages as equivalents different identities of a same user corresponding to different data sources source nodes.

7. The method of claim 6, wherein when the new input data is received by said data node from the at least one data source node, said ascertaining further comprises: sending, by said data node, backwards a request to the at least one data source node for obtaining equivalent pseudonyms of the user, said request including the old user pseudonym or the set of candidate old user pseudonyms; controlling the at least one data source node to recover the user identity temporarily stored therein, send the recovered user identity to the equivalent user identities managing node, and request to the equivalent user identities managing node to provide the equivalent identities of the user to the at least one pseudonymization node; and controlling the at least one pseudonymization node to retrieve the equivalent pseudonyms of the user and then send them to the at least one data source nodes connected thereto.

8. The method of claim 6, wherein when the new input data is received by said data node from the at least one other data node, said ascertaining comprises performing a backtracking process, an equivalent pseudonyms recovery process, and the forward flooding process, the backtracking process comprising: sending, by said data node, backwards a request to the at least one other data node for obtaining equivalent pseudonyms of the user, said request including the old user pseudonym or the set of candidate old user pseudonyms; controlling the at least one other data node to search for said user data record storing one of the received old user pseudonyms as output user pseudonym and then send backwards at least one request to any other data nodes connected to the at least one data node inputs, said request including the input user pseudonym stored in the said user data record; searching, by said data node when an output of a data node in the data profiling network receives a request from any other data node connected thereto, for said user data record storing the received user pseudonym as output user pseudonym and then send backwards at least one request to any of the other data nodes or any dat
wherein the identity of one or more communicating identities is hidden (cryptographic mechanisms or cryptographic arrangements for anonymous credentials or for identity based cryptographic systems H04L9/00) · CPC title
by anonymising data, e.g. decorrelating personal data from the owner's identification · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title