| 摘要 |
The time over which a digital signature can be verified is extended well beyond the expiration of any or all of the certificates upon which that signature depends. A "save state" approach is disclosed, in which an archive facility is used to store public key infrastructure (PKI) state, e.g. cryptographic information, such as certificates and certificate revocation lists (CRLs), in addition to non-cryptographic information, such as trust policy statements or the document itself. This information comprises all that is necessary to re-create the signature verification process at a later time. When a user wants to reverify the signature on a document, possibly years later, a long term signature verification (LTSV) server re-creates the precise state of the PKI at the time the document was originally submitted. The LTSV server restores the state, and the signature verification process executes the exact process it performed (or would have performed) years earlier. In another embodiment the strength of cryptography is combined with the proven resilience of (non-public key) technology and procedures currently associated with secure data stores by saving the PKI state for future reverification; and protecting the PKI state information from intrusion by maintaining it in a secure storage facility which is protected by services, such as firewalls, access control mechanisms, audit facilities, intrusion detection facilities, physical isolation, and network isolation. |
