Method for revoking a digital signature

US 7,958,349 B2
Filed: 08/30/2007
Issued: 06/07/2011
Est. Priority Date: 08/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by a server computer system programmed to perform the following, comprising:

generating, by the server computer system, a signature revocation list to indicate revocation status of a signature used by a signer to sign a document, the signature comprising a signing certificate issued by a trusted authority and the document that has been hashed by a hash function and encrypted by a private key of the signer of the document;

computing, by the server computer system, an identifier of the signature in the signature revocation list based on contents of the signature; and

publishing, by the server computer system, the signature revocation list for access by users of the document.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for revoking a digital signature using a signature revocation list. In one embodiment, the method includes generating the signature revocation list to indicate revocation status of a signature. The signature is created from an encryption key and a document. The method also includes computing an identifier of the signature in the signature revocation list based on contents of the signature. The method further includes publishing the signature revocation list for access by users of the document.

16 Citations

View as Search Results

25 Claims

1. A method, implemented by a server computer system programmed to perform the following, comprising:
- generating, by the server computer system, a signature revocation list to indicate revocation status of a signature used by a signer to sign a document, the signature comprising a signing certificate issued by a trusted authority and the document that has been hashed by a hash function and encrypted by a private key of the signer of the document;
  
  computing, by the server computer system, an identifier of the signature in the signature revocation list based on contents of the signature; and
  
  publishing, by the server computer system, the signature revocation list for access by users of the document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein publishing the signature revocation list further comprises:
    - publishing the signature revocation list to a Lightweight Directory Access Protocol (LDAP) directory.
  - 3. The method of claim 1, further comprising:
    - associating the signature in the signature revocation list with a reason for which the signature is revoked.
  - 4. The method of claim 1, further comprising:
    - associating the signature in the signature revocation list with a revocation time to indicate a time at which the signature is revoked.
  - 5. The method of claim 1, wherein generating a signature revocation list further comprises:
    - generating the signature revocation list to revoke all instances of the signature without revoking use of the private key on other documents.
  - 6. The method of claim 1, wherein generating a signature revocation list further comprises:
    - generating the signature revocation list to revoke at least one use of the signature at a specific time.
  - 7. The method of claim 1, further comprising:
    - signing the signature revocation list with a certificate issued by a certificate authority to indicate that the signature revocation list is generated by a trusted entity.
  - 8. The method of claim 1, wherein computing an identifier of the signature further comprises:
    - hashing the signature for use as the identifier.
  - 9. The method of claim 1, wherein the signing certificate comprises a public key corresponding to the private key.
  - 10. The method of claim 1, wherein the signature includes a signing time of the document, the signing time issued by a time-stamping authority.

11. A system comprising:
- data storage to store a signature revocation list to indicate revocation status of a signature used by a signer to sign a document, the signature comprising a signing certificate issued by a trusted authority and the document that has been hashed by a hash function and encrypted by a private key of the signer of the document; and
  
  a revocation server computer system coupled to the data storage to generate the signature revocation list in which the signature is to be identified based on contents of the signature, and to publish the signature revocation list for access by users of the document.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, further comprising:
    - a certificate authority computer system coupled to the revocation server computer system to issue a certificate to the revocation server computer system to indicate that the signature revocation list is generated by a trusted entity.
  - 13. The system of claim 11, further comprising:
    - an application server computer system coupled to the revocation server computer system, the application server computer system issued with the signing certificate to sign the document, validity of the signing certificate unaffected by revocation of the signature.
  - 14. The system of claim 11, wherein the revocation server computer system comprises:
    - a hash unit computer system to hash the signature of the document for inclusion in the signature revocation list.
  - 15. The system of claim 11, further comprising:
    - a directory server computer system coupled to the revocation server computer system and the data storage, the directory server computer system to publish the signature revocation list and to respond to queries about validity of a signed document.
  - 16. The system of claim 11, further comprising:
    - a time-stamping authority computer system accessible to signers of the document, the time-stamping authority computer system to time-stamp the signature when the document is signed.
  - 17. The system of claim 11, wherein the signature revocation list includes a reason for revocation and a revocation time.

18. A non-transitory computer readable storage medium including instructions that, when executed by a processing system, cause the processing system to perform a method comprising:
- generating a signature revocation list to indicate revocation status of a signature used by a signer to sign a document, the signature comprising a signing certificate issued by a trusted authority and the document that has been hashed by a hash function and encrypted by a private key of the signer of the document;
  
  computing an identifier of the signature in the signature revocation list based on contents of the signature; and
  
  publishing the signature revocation list for access by users of the document.
- View Dependent Claims (19, 20)
- - 19. The computer readable storage medium of claim 18 wherein the method further comprises:
    - associating the signature in the signature revocation list with a reason for which the signature is revoked.
  - 20. The computer readable storage medium of claim 18 wherein the method further comprises:
    - associating the signature in the signature revocation list with a revocation time to indicate a time at which the signature is revoked.

21. A method, implemented by a client computer system programmed to perform the following, comprising:
- receiving, by the client computer system, a document and a signature used by a signer to sign a document, the signature comprising a signing certificate issued by a trusted authority and the document that has been hashed by a hash function and encrypted by a private key of the signer of the document;
  
  submitting by the client computer system a request for verifying the signature, the request including an identifier computed from contents of the signature; and
  
  receiving, by the client computer system, a response to the request, the response indicating validity of the signature.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, wherein receiving a response further comprises:
    - receiving a signature revocation list in the response, the signature revocation list indicating revocation status of a plurality of signatures.
  - 23. The method of claim 21, further comprising:
    - computing the identifier by hashing the signature.

24. A non-transitory computer readable storage medium including instructions that, when executed by a processing system, cause the processing system to perform a method comprising:
- receiving a query identifying a signature used by a signer to sign a document, the signature comprising a signing certificate issued by a trusted authority and the document that has been hashed by a hash function and encrypted by a private key of the signer of the document;
  
  determining whether the signature is in a signature revocation list that indicates revocation status of a plurality of signatures; and
  
  responding to the query by indicating validity of the signature.
- View Dependent Claims (25)
- - 25. The computer readable storage medium of claim 24, wherein determining whether the signature is in a signature revocation list further comprises:
    - using a signature hash as an identifier for determining whether the signature is in the signature revocation list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Parkinson, Steven W.
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US11/897,461
Publication Number

US 20090063854A1
Time in Patent Office

1,377 Days
Field of Search

713/158, 713/176, 713/177
US Class Current

713/158
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 9/3247   involving digital signatures

Method for revoking a digital signature

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method for revoking a digital signature

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links