System And Method For Long-Term Digital Signature Verification Utilizing Light Weight Digital Signatures

US 20130132718A1
Filed: 04/28/2009
Published: 05/23/2013
Est. Priority Date: 04/28/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving a digital signature of data and of a signing time of the digital signature;

receiving a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;

receiving a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and

subsequent to the expiration time of the first digital certificate, determining that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for long-term digital signature verification utilizing light weight digital signatures are described. Embodiments may include a verifying entity system that receives digitally signed data including a portion of data, signing time, and digital signature. The verifying entity system may receive a digital certificate that includes information for verifying the digital signature and an expiration time for the certificate. The verifying entity system may receive CRL that persists revocation information corresponding to ones of the revoked digital certificates that have already expired. The verifying entity system may utilize the CRL to determine that the digital signature is valid subsequent to its expiration time. The verifying entity system may evaluate the CRL to determine that the digital certificate was not revoked at the signing time. The verifying entity system may determine the digital signature is a valid digital signature and generate a corresponding result.

40 Citations

View as Search Results

31 Claims

1. A computer-implemented method, comprising:
- receiving a digital signature of data and of a signing time of the digital signature;
  
  receiving a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
  
  receiving a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
  
  subsequent to the expiration time of the first digital certificate, determining that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the received CRL is not included within the digitally signed data.
  - 3. The computer-implemented method of claim 1, wherein evaluating the CRL to determine that the first certificate was not revoked at said signing time comprises determining that revocation information corresponding to the first digital certificate is not present within the CRL.
  - 4. The computer-implemented method of claim 1, wherein evaluating the CRL to determine that the first certificate was not revoked at said signing time comprises:
    - determining that a particular portion of the revocation information of the CRL corresponds to the first digital certificate, wherein said particular portion of the revocation information indicates a time at which the first digital certificate was revoked; and
      
      determining that the time at which the first digital certificate was revoked is later than the signing time of the digitally signed data.
  - 5. The computer-implemented method of claim 1, wherein said determining that said digital signature is valid comprises determining that said digital signature is a valid digital signature of the data according to a public key stored within the digital certificate.
  - 6. The computer-implemented method of claim 1, further comprising:
    - receiving additional digitally signed data comprising;
      
      second data, a second signing time at which the second data was digitally signed, and a second digital signature of the second data and the second signing time;
      
      subsequent to the expiration time of the first digital certificate, determining that said second digital signature is invalid, wherein that determination comprises evaluating the CRL to determine that the first certificate was revoked prior to said signing time.
  - 7. The computer-implemented method of claim 1, wherein said CRL is received separately from said digitally signed data via one or more data networks.
  - 8. The computer-implemented method of claim 1, wherein the CRL is updated with one or more portions of new revocation information subsequent to the generation of said digital signature, wherein receiving the CRL comprises receiving a version of the CRL that includes the one or more portions of new revocation information.
  - 9. The computer-implemented method of claim 1, further comprising, prior to using the CRL to determine a revocation status of the first digital certificate, verifying that the received CRL persists revocation information for digital certificates that have already expired.
  - 10. The computer-implemented method of claim 1, further comprising, in response to determining that said digital signature is valid, wherein generating a result indicating that said digital signature is valid on a display to provide a graphical indication of the result.

11. A system, comprising:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to;
  
  receive a digital signature of data and of a signing time of the digital signature;
  
  receive a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
  
  receive a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority;
  
  wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
  
  subsequent to the expiration time of the first digital certificate, determine that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the received CRL is not included within the digitally signed data.
  - 13. The system of claim 11, wherein to evaluate the CRL to determine that the first certificate was not revoked at said signing time, the program instructions are configured to determine that revocation information corresponding to the first digital certificate is not present within the CRL.
  - 14. The system of claim 11, wherein to evaluate the CRL to determine that the first certificate was not revoked at said signing time, the program instructions are configured to:
    - determine that a particular portion of the revocation information of the CRL corresponds to the first digital certificate, wherein said particular portion of the revocation information indicates a time at which the first digital certificate was revoked; and
      
      determine that the time at which the first digital certificate was revoked is later than the signing time of the digitally signed data.
  - 15. The system of claim 11, wherein to determine that said digital signature is valid, the program instructions are configured to determine that said digital signature is a valid digital signature of the of data according to a public key stored within the digital certificate.
  - 16. The system of claim 11, wherein the program instructions are configured to:
    - receive additional digitally signed data comprising;
      
      second data, a second signing time at which the second data was digitally signed, and a second digital signature of the second data and the second signing time;
      
      subsequent to the expiration time of the first digital certificate, determine that said second digital signature is invalid, wherein that determination comprises evaluating the CRL to determine that the first certificate was revoked prior to said signing time.
  - 17. The system of claim 11, wherein said CRL is received separately from said digitally signed data via one or more data networks.
  - 18. The system of claim 11, wherein the CRL is updated with one or more portions of new revocation information subsequent to the generation of said digital signature, wherein to receive the CRL the program instructions are configured to receive a version of the CRL that includes the one or more portions of new revocation information.
  - 19. The system of claim 11, wherein the program instructions are configured to, prior to using the CRL to determine a revocation status of the first digital certificate, verify that the received CRL persists revocation information for digital certificates that have already expired.
  - 20. The system of claim 11, wherein the program instructions are configured to generate a result on a display to provide a graphical indication that said digital signature is valid in response to determining that said digital signature is valid.

21. A non-transitory computer-readable storage medium, storing program instructions computer-executable to:
- receive a digital signature of data and of a signing time of the digital signature;
  
  receive a first digital certificate comprising information for verifying the digital signature, wherein the first digital certificate has an expiration time;
  
  receive a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate, the CRL comprising revocation information for a plurality of revoked digital certificates including expired digital certificates, wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
  
  subsequent to the expiration time of the first digital certificate, determine that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The medium of claim 21, wherein the received CRL is not included within the digitally signed data.
  - 23. The medium of claim 21, wherein to evaluate the CRL to determine that the first certificate was not revoked at said signing time, the program instructions are configured to determine that revocation information corresponding to the first digital certificate is not present within the CRL.
  - 24. The medium of claim 21, wherein to evaluate the CRL to determine that the first certificate was not revoked at said signing time, the program instructions are configured to:
    - determine that a particular portion of the revocation information of the CRL corresponds to the first digital certificate, wherein said particular portion of the revocation information indicates a time at which the first digital certificate was revoked; and
      
      determine that the time at which the first digital certificate was revoked is later than the signing time of the digitally signed data.
  - 25. The medium of claim 21, wherein to determine that said digital signature is valid, the program instructions are configured to determine that said digital signature is a valid digital signature of the data according to a public key stored within the digital certificate.
  - 26. The medium of claim 21, wherein the program instructions are configured to:
    - receive additional digitally signed data comprising;
      
      second data, a second signing time at which the second data was digitally signed, and a second digital signature of the second data and the second signing time;
      
      subsequent to the expiration time of the first digital certificate, determine that said second digital signature is invalid, wherein that determination comprises evaluating the CRL to determine that the first certificate was revoked prior to said signing time.
  - 27. The medium of claim 21, wherein said CRL is received separately from said digitally signed data via one or more data networks.
  - 28. The medium of claim 21, wherein the CRL is updated with one or more portions of new revocation information subsequent to the generation of said digital signature, wherein to receive the CRL the program instructions are configured to receive a version of the CRL that includes the one or more portions of new revocation information.
  - 29. The medium of claim 21, wherein the program instructions are configured to, prior to using the CRL to determine a revocation status of the first digital certificate, verify that the received CRL persists revocation information for digital certificates that have already expired.
  - 30. The medium of claim 21, wherein the program instructions are configured to generate a result on a display to provide a graphical indication that said digital signature is valid in response to determining that said digital signature is valid.

31. A computer-implemented method, comprising:
- executing instructions on a specific apparatus so that binary digital electronic signals representing a digital signature of data and of a signing time of the digital signature are received;
  
  executing instructions on said specific apparatus so that binary digital electronic signals representing a first digital certificate are received, wherein the first digital certificate comprises information for verifying the digital signature, wherein the first digital certificate has an expiration time;
  
  executing instructions on said specific apparatus so that binary digital electronic signals representing a current certificate revocation list (CRL) issued by a certificate authority after expiration of the first digital certificate are received including revocation information for a plurality of revoked digital certificates including expired digital certificates wherein the revocation information is up to date as of the time of issuance by the certificate authority, wherein at the time of issuance by the certificate authority the revocation information of the CRL indicates whether the expired first digital certificate has been revoked and indicates a revocation time if the expired digital certificate has been revoked; and
  
  subsequent to the expiration time of the first digital certificate, executing instructions on said specific apparatus to determine that said digital signature is valid, wherein said determining comprises evaluating the CRL to determine that the first digital certificate was not revoked at said signing time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Agrawal, Sunil C.

Granted Patent

US 8,635,442 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 9/3268 using certificate validatio...

System And Method For Long-Term Digital Signature Verification Utilizing Light Weight Digital Signatures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System And Method For Long-Term Digital Signature Verification Utilizing Light Weight Digital Signatures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links