System And Method For Long-Term Digital Signature Verification Utilizing Light Weight Digital Signatures
First Claim
1. A computer-implemented method, comprising:
receiving a digital signature of data and of a signing time of the digital signature;
receiving a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
receiving a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
subsequent to the expiration time of the first digital certificate, determining that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
Abstract
Various embodiments of a system and method for long-term digital signature verification utilizing light weight digital signatures are described. Embodiments may include a verifying entity system that receives digitally signed data including a portion of data, signing time, and digital signature. The verifying entity system may receive a digital certificate that includes information for verifying the digital signature and an expiration time for the certificate. The verifying entity system may receive a CRL that persists revocation information corresponding to ones of the revoked digital certificates that have already expired. The verifying entity system may utilize the CRL to determine that the digital signature is valid subsequent to the digital certificate's expiration time. The verifying entity system may evaluate the CRL to determine that the digital certificate was not revoked at the signing time. The verifying entity system may determine the digital signature is a valid digital signature and generate a corresponding result.
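The CRL evaluation the abstract describes, as an added example that is not code from the patent: it decides whether a certificate was unrevoked at the signing time using a CRL issued after the certificate expired. The `Cert` and `Crl` types, the status strings and the sample values are constructed; treating a revocation time equal to the signing time as revoked, and rejecting signing times outside the validity period, are assumptions. Cryptographic verification of the signature and of the CRL itself is assumed to happen elsewhere.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime  # expiration time


@dataclass
class Crl:
    this_update: datetime  # time of issuance by the CA
    # serial -> revocation time; entries persist after the certificate expires
    revoked: dict = field(default_factory=dict)


def revocation_status_at_signing(cert, crl, signing_time):
    """Classify a signature made with `cert` at `signing_time`."""
    # A CRL issued before expiry cannot show the certificate's final status.
    if crl.this_update <= cert.not_after:
        return "crl-predates-expiry"
    # Assumption: a signing time outside the validity period is rejected.
    if not (cert.not_before <= signing_time <= cert.not_after):
        return "signed-outside-validity"
    revoked_at = crl.revoked.get(cert.serial)
    # Assumption: revocation at the exact signing instant counts as revoked.
    if revoked_at is not None and revoked_at <= signing_time:
        return "revoked-before-signing"
    # No entry, or revoked only after the signature was made.
    return "not-revoked-at-signing"


# Constructed sample data: certificate valid during 2020, revoked 2020-09-01,
# evaluated against a CRL issued in 2023 that still lists the expired entry.
CERT = Cert(serial=0x1A2B, not_before=utc(2020, 1, 1), not_after=utc(2021, 1, 1))
CRL_2023 = Crl(this_update=utc(2023, 6, 1), revoked={0x1A2B: utc(2020, 9, 1)})
CRL_STALE = Crl(this_update=utc(2020, 12, 1), revoked={0x1A2B: utc(2020, 9, 1)})

if __name__ == "__main__":
    for when in (utc(2020, 3, 1), utc(2020, 10, 1), utc(2021, 2, 1)):
        print(when.date(), revocation_status_at_signing(CERT, CRL_2023, when))
    print("stale CRL:", revocation_status_at_signing(CERT, CRL_STALE, utc(2020, 3, 1)))
```

A signature made on 2020-03-01 stays valid even though the certificate was revoked later, which is the case a CRL that drops expired entries cannot distinguish.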
31 Claims
1. A computer-implemented method, comprising:
receiving a digital signature of data and of a signing time of the digital signature;
receiving a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
receiving a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
subsequent to the expiration time of the first digital certificate, determining that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
11. A system, comprising:
a memory; and
one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to:
receive a digital signature of data and of a signing time of the digital signature;
receive a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
receive a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority;
wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
subsequent to the expiration time of the first digital certificate, determine that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
21. A non-transitory computer-readable storage medium, storing program instructions computer-executable to:
receive a digital signature of data and of a signing time of the digital signature;
receive a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
receive a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
subsequent to the expiration time of the first digital certificate, determine that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
31. A computer-implemented method, comprising:
executing instructions on a specific apparatus so that binary digital electronic signals representing a digital signature of data and of a signing time of the digital signature are received;
executing instructions on said specific apparatus so that binary digital electronic signals representing a first digital certificate are received, wherein the first digital certificate comprises information for verifying the digital signature, wherein the first digital certificate has an expiration time;
executing instructions on said specific apparatus so that binary digital electronic signals representing a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate are received including revocation information for a plurality of revoked digital certificates including expired digital certificates wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
subsequent to the expiration time of the first digital certificate, executing instructions on said specific apparatus to determine that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
Specification