Method and apparatus for validating a digital signature
Abstract
Method and system are described for validating a digital signature. More particularly, a signed message and a corresponding certificate are received. The certificate is checked for validation. A validation statement is generated, and the certificate validation and the signed message provide a status. This status represents a request for validation, and is provided along with a set of validations among which such status is an element. A digest is generated using a Merkle authentication tree corresponding to the set of validations, and this digest is signed with a private key. Accordingly, a notary may provide the signed digest, status and the set of validations for subsequent confirmation of the digital signature.
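The digest and per-request proof described in the abstract can be sketched as follows. This is an added example, not code from the patent. SHA-256, the leaf construction in `confirmation`, the leaf/node prefix bytes and all function names are assumptions. Signing the digest with the notary's private key is left out, so the sketch covers only the tree and the authentication path.

```python
import hashlib

LEAF, NODE = b"\x00", b"\x01"  # domain separation (assumed hardening, not from the patent)

def confirmation(validation_statement: bytes, signed_message: bytes) -> bytes:
    """Assumed leaf: hash of the validation statement and signed message in combination."""
    framed = len(validation_statement).to_bytes(4, "big") + validation_statement + signed_message
    return hashlib.sha256(LEAF + framed).digest()

def _parent(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; the last level holds the digest (root)."""
    if not leaves:
        raise ValueError("empty set of confirmations")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_parent(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # promote the unpaired node; never duplicate it
        levels.append(nxt)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root, each flagged True if the sibling is on the left."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def digest_from_path(leaf, path):
    """Relying party: recompute the digest from one confirmation and its path."""
    node = leaf
    for sibling, on_left in path:
        node = _parent(sibling, node) if on_left else _parent(node, sibling)
    return node

# Constructed sample batch: (validation statement, signed message) pairs.
BATCH = [(b"cert-%d: valid, not revoked" % i, b"signed message %d" % i) for i in range(5)]
LEAVES = [confirmation(v, m) for v, m in BATCH]
LEVELS = build_levels(LEAVES)
DIGEST = LEVELS[-1][0]  # the value the notary would sign once for the whole batch
```

A relying party holding one confirmation, its path and the signed digest checks the signature on the digest, then checks that `digest_from_path` reproduces it; any change to the validation statement or the signed message changes the leaf and the recomputed digest no longer matches.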
16 Claims
1. A system for verifying a digital signature, comprising:
a first computer having a certificate and a signed message;
a second computer configured to receive the certificate and the signed message; and
a third computer configured to receive the certificate and the signed message from the second computer for a validation request, to validate the certificate and to generate a certificate validation statement in response thereto, and to provide an acknowledgement and a public key to the second computer, the acknowledgement comprising in part the certificate validation statement, the signed message, a first proof portion having a confirmation associated with the certificate validation statement and the signed message in combination, and a second proof portion having a signed digest having the confirmation as part of a set of confirmations.

5. A system for verifying a digital signature, comprising:
a plurality of first computers each having a certificate of a set of certificates and a respective signed message signed in association with the certificate;
a plurality of second computers in communication with the first computers and configured to receive respective certificates and associated signed messages; and
a third computer in communication with the second computers and configured to receive validation requests for the certificates and the signed messages from the plurality of second computers, the third computer configured to validate the certificates, to generate a certificate validation statements, and to provide each of the second computers an acknowledgement and a public key, the acknowledgement comprising in part a certificate validation statement, the signed message, a first proof portion having a confirmation associated with the certificate validation statement and the signed message in combination, and a second proof portion having a signed digest having the confirmation as part of a set of confirmations for the second computers.

7. A method for validating a signature of a signed message corresponding to a certificate, comprising:
providing validation information to a notary;
validating the certificate to create a certificate validation;
generating a confirmation in response to the certificate validation;
maintaining a set of confirmations where the confirmation is an element of the set;
generating a digest for the set of confirmations; and
signing the digest with a private key to create a signed digest.

11. A process for verifying a digital signature of an associated dated certificate in a system having a certificate authority, a notary and a time stamping authority, the certificate authority providing the notary with information on a plurality of dated certificates, the process comprising:
receiving a time-stamped signed message and a portion of the dated certificate;
using the portion of the dated certificate to locate the dated certificate from among the plurality of dated certificates;
validating the dated certificate as to time, date and non-revoked status;
providing a validation dated certificate and the time-stamped signed message as a status; and
signing the status with a private key.

13. A signal-bearing medium containing a program which, when executed by a processor in response to receiving a certificate, a signed message corresponding to the certificate and a request for validation, causes execution of a method comprising:
validating the certificate to create a certificate validation;
generating a confirmation in response to the certificate validation;
maintaining a set of confirmations where the confirmation is an element of the set;
generating a digest for the set of confirmations; and
signing the digest with a private key to create a signed digest.

14. A process for verifying a digital signature of an associated dated certificate in a system having a certificate authority and a notary, the certificate authority providing the notary with information on a plurality of dated certificates, the process comprising:
providing a signed first status, the signed first status including a message and the dated certificate;
providing at least a portion of the dated certificate;
using the portion of the dated certificate to locate the dated certificate from among the plurality of dated certificates;
validating the dated certificate as to date and non-revoked status;
providing a validation dated certificate and the signed first status as an unsigned status;
adding the unsigned status into a set of statuses for the date; and
signing the unsigned status with a private key to provide a signed second status.