Abstract: Digital signatures are generated for a message using an authentication tree data structure in which nodes are created as needed from a root node. A public and secret key pair is generated using a one-time signature method to form each node, and the secret key of each parent node is used to sign the public keys of its child nodes. Once the secret key of a node has been used in creating a signature for a message, it may be revealed. The signature data structure is unbounded and stateless, and need not be pre-generated and fixed.

Abstract: A log, comprising a sequence of temporally ordered digital entries, is authenticated by entering a new entry into the log only after expiration of a minimum time interval. A digital signature and timestamp are generated for each entry in the log and are included in each respective entry. In a validity verification phase, the timestamp of at least one of the entries is examined to determine whether it indicates entry into the log at a time relative to a preceding entry in the log after less than an expected minimum time interval. If so, a remedial action is taken.

Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are not longer usable.

Abstract: A log, comprising a sequence of temporally ordered digital entries, is authenticated by entering a new entry into the log only after expiration of a minimum time interval. A digital signature and timestamp are generated for each entry in the log and are included in each respective entry. In a validity verification phase, the timestamp of at least one of the entries is examined to determine whether it indicates entry into the log at a time relative to a preceding entry in the log after less than an expected minimum time interval. If so, a remedial action is taken.

Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are not longer usable.

Abstract: A digital signature is created for a data set based on a group of one-time secret keys. Revealable, representative values of the secret keys are computed, for example by cryptographic hashing, and an authentication code vector is also formed having elements that cryptographically combine each secret key with a randomizing function of the data set. The vector is timestamped and signed at a signing time. Bits of a binary representation of the signing time are used to select which of the secret values are included in a selected key vector. A signature of the digital data is then compiled to include the set of authentication code values, the signature of the authentication code vector, and the selected key vector. The secret keys thereby become unusable after the signing time.