Trusted data verification
First Claim
Patent Images
1. A computer-implemented method, comprising:
- reading, by one or more computer systems from persistent data storage, data and an electronic signature, the electronic signature having been generated based at least in part on;
the data; and
first secret information shared between a first entity and a verification system, the first secret information being;
derived from second secret information that indicates a scope of use of the first secret information, the scope of use comprising one or more computing operations allowed to be taken using the first secret information; and
inaccessible to the one or more computer systems;
submitting, over a network to the verification system, a request to verify the electronic signature, the request including the data and the electronic signature;
obtaining, from the verification system, a response to the request that includes an indication whether the verification system attests to validity of the electronic signature, the indication being dependent at least in part on whether the electronic signature is verifiable as being within the scope of use indicated by the second secret information; and
performing the one or more computing operations using the first secret information dependent on the indication.
1 Assignment
0 Petitions
Accused Products
Abstract
Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.
237 Citations
29 Claims
-
1. A computer-implemented method, comprising:
-
reading, by one or more computer systems from persistent data storage, data and an electronic signature, the electronic signature having been generated based at least in part on; the data; and first secret information shared between a first entity and a verification system, the first secret information being; derived from second secret information that indicates a scope of use of the first secret information, the scope of use comprising one or more computing operations allowed to be taken using the first secret information; and inaccessible to the one or more computer systems; submitting, over a network to the verification system, a request to verify the electronic signature, the request including the data and the electronic signature; obtaining, from the verification system, a response to the request that includes an indication whether the verification system attests to validity of the electronic signature, the indication being dependent at least in part on whether the electronic signature is verifiable as being within the scope of use indicated by the second secret information; and performing the one or more computing operations using the first secret information dependent on the indication. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system, comprising:
memory to store executable instructions that, as a result of being executed by one or more processors, cause the system to; obtain secret information and one or more conditions comprising one or more actions that are allowed to be taken using the secret information; obtain, from a first requestor, a first request to verify an electronic signature that was generated based at least in part on the secret information; provide a first response to the first request with a first attestation about whether the electronic signature indicates authenticity of data, the first request including information indicative of satisfying the one or more conditions; obtain, from a second requestor, a second request to verify the electronic signature; and provide a second response to the second request with a second attestation about whether the electronic signature indicates authenticity of the data, the second attestation providing a different indication of authenticity of the data than the first attestation. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
22. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
-
obtain, from persistent storage, data and an electronic signature generated based at least in part on;
data and first secret information, the first secret information being;accessible to a verification system; inaccessible to the computer system; and derived from second secret information that indicates a scope of use of the first secret information, the scope of use comprising a set of computing resources that are allowed to be accessed using the first secret information; transmit, over a network to the verification system, a request to verify the electronic signature, the request including the data and the electronic signature; and take one or more actions in dependence on a response obtained from the verification system, the response including an indication whether the verification system attests to validity of the electronic signature in accordance with the scope of use indicated by the second secret information, the one or more actions including providing access to the set of computing resources. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
Specification