diff --git a/bearer/bearer.go b/bearer/bearer.go
index 05ecbdbc..d9d9ebf3 100644
--- a/bearer/bearer.go
+++ b/bearer/bearer.go
@@ -167,7 +167,7 @@ func (b Token) WriteToV2(m *acl.BearerToken) {
 //
 // Naming is inspired by https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4.
 //
-// See also InvalidAt.
+// See also [Token.ValidAt].
 func (b *Token) SetExp(exp uint64) {
 	b.exp = exp
 }
@@ -184,7 +184,7 @@ func (b Token) Exp() uint64 {
 //
 // Naming is inspired by https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5.
 //
-// See also InvalidAt.
+// See also [Token.ValidAt].
 func (b *Token) SetNbf(nbf uint64) {
 	b.nbf = nbf
 }
@@ -200,7 +200,7 @@ func (b Token) Nbf() uint64 {
 //
 // Naming is inspired by https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6.
 //
-// See also InvalidAt.
+// See also [Token.ValidAt].
 func (b *Token) SetIat(iat uint64) {
 	b.iat = iat
 }
@@ -210,14 +210,19 @@ func (b Token) Iat() uint64 {
 	return b.iat
 }
 
+// ValidAt checks whether the Token is still valid at the given epoch according
+// to its lifetime claims.
+func (b Token) ValidAt(epoch uint64) bool {
+	return b.Nbf() <= epoch && b.Iat() <= epoch && b.Exp() >= epoch
+}
+
 // InvalidAt asserts "exp", "nbf" and "iat" claims for the given epoch.
 //
 // Zero Container is invalid in any epoch.
 //
 // See also SetExp, SetNbf, SetIat.
-func (b Token) InvalidAt(epoch uint64) bool {
-	return b.Nbf() > epoch || b.Iat() > epoch || b.Exp() < epoch
-}
+// Deprecated: use inverse [Token.ValidAt] instead.
+func (b Token) InvalidAt(epoch uint64) bool { return !b.ValidAt(epoch) }
 
 // SetEACLTable sets eacl.Table that replaces the one from the issuer's
 // container. If table has specified container, bearer token can be used only
diff --git a/bearer/bearer_test.go b/bearer/bearer_test.go
index 1dd7c2eb..ab0544de 100644
--- a/bearer/bearer_test.go
+++ b/bearer/bearer_test.go
@@ -267,21 +267,29 @@ func TestToken_SetExp(t *testing.T) {
 	testLifetimeClaim(t, (*bearer.Token).SetExp, bearer.Token.Exp)
 }
 
-func TestToken_InvalidAt(t *testing.T) {
+func TestToken_ValidAt(t *testing.T) {
 	var val bearer.Token
 
+	require.True(t, val.ValidAt(0))
 	require.False(t, val.InvalidAt(0))
+	require.False(t, val.ValidAt(1))
 	require.True(t, val.InvalidAt(1))
 
 	val.SetIat(1)
 	val.SetNbf(2)
 	val.SetExp(4)
 
+	require.False(t, val.ValidAt(0))
 	require.True(t, val.InvalidAt(0))
+	require.False(t, val.ValidAt(1))
 	require.True(t, val.InvalidAt(1))
+	require.True(t, val.ValidAt(2))
 	require.False(t, val.InvalidAt(2))
+	require.True(t, val.ValidAt(3))
 	require.False(t, val.InvalidAt(3))
+	require.True(t, val.ValidAt(4))
 	require.False(t, val.InvalidAt(4))
+	require.False(t, val.ValidAt(5))
 	require.True(t, val.InvalidAt(5))
 }
 
diff --git a/session/common.go b/session/common.go
index 6d74841d..f40a4610 100644
--- a/session/common.go
+++ b/session/common.go
@@ -244,7 +244,7 @@ func (x commonData) Exp() uint64 {
 //
 // Naming is inspired by https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5.
 //
-// See also InvalidAt.
+// See also ValidAt.
 func (x *commonData) SetNbf(nbf uint64) {
 	x.nbf = nbf
 }
@@ -260,7 +260,7 @@ func (x commonData) Nbf() uint64 {
 //
 // Naming is inspired by https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6.
 //
-// See also InvalidAt.
+// See also ValidAt.
 func (x *commonData) SetIat(iat uint64) {
 	x.iat = iat
 }
@@ -274,14 +274,19 @@ func (x commonData) expiredAt(epoch uint64) bool {
 	return x.Exp() < epoch
 }
 
+// ValidAt checks whether the token is still valid at the given epoch according
+// to its lifetime claims.
+func (x commonData) ValidAt(epoch uint64) bool {
+	return x.Nbf() <= epoch && x.Iat() <= epoch && x.Exp() >= epoch
+}
+
 // InvalidAt asserts "exp", "nbf" and "iat" claims.
 //
 // Zero session is invalid in any epoch.
 //
 // See also SetExp, SetNbf, SetIat.
-func (x commonData) InvalidAt(epoch uint64) bool {
-	return x.expiredAt(epoch) || x.Nbf() > epoch || x.Iat() > epoch
-}
+// Deprecated: use inverse [Token.ValidAt] instead.
+func (x commonData) InvalidAt(epoch uint64) bool { return !x.ValidAt(epoch) }
 
 // SetID sets a unique identifier for the session. The identifier value MUST be
 // assigned in a manner that ensures that there is a negligible probability
diff --git a/session/common_test.go b/session/common_test.go
index 417409b0..561ec2e5 100644
--- a/session/common_test.go
+++ b/session/common_test.go
@@ -226,13 +226,15 @@ func testLifetimeClaim[T session.Container | session.Object](t testing.TB, get f
 	require.EqualValues(t, 5469830342, get(x))
 }
 
-func testInvalidAt[T interface {
+func testValidAt[T interface {
 	*session.Container | *session.Object
 	SetExp(uint64)
 	SetIat(uint64)
 	SetNbf(uint64)
+	ValidAt(uint64) bool
 	InvalidAt(uint64) bool
 }](t testing.TB, x T) {
+	require.True(t, x.ValidAt(0))
 	require.False(t, x.InvalidAt(0))
 
 	const iat = 13
@@ -243,16 +245,21 @@ func testInvalidAt[T interface {
 	x.SetNbf(nbf)
 	x.SetExp(exp)
 
+	require.False(t, x.ValidAt(iat-1))
 	require.True(t, x.InvalidAt(iat-1))
+	require.False(t, x.ValidAt(iat))
 	require.True(t, x.InvalidAt(iat))
+	require.True(t, x.ValidAt(nbf))
 	require.False(t, x.InvalidAt(nbf))
+	require.True(t, x.ValidAt(exp))
 	require.False(t, x.InvalidAt(exp))
+	require.False(t, x.ValidAt(exp+1))
 	require.True(t, x.InvalidAt(exp+1))
 }
 
 func TestInvalidAt(t *testing.T) {
-	testInvalidAt(t, new(session.Container))
-	testInvalidAt(t, new(session.Object))
+	testValidAt(t, new(session.Container))
+	testValidAt(t, new(session.Object))
 }
 
 func testSetAuthKey[T session.Container | session.Object](t testing.TB, set func(*T, neofscrypto.PublicKey), assert func(T, neofscrypto.PublicKey) bool) {
diff --git a/session/container_test.go b/session/container_test.go
index e8b7b523..8a6040df 100644
--- a/session/container_test.go
+++ b/session/container_test.go
@@ -472,7 +472,7 @@ func TestContainer_ApplyOnlyTo(t *testing.T) {
 }
 
 func TestContainer_InvalidAt(t *testing.T) {
-	testInvalidAt(t, new(session.Container))
+	testValidAt(t, new(session.Container))
 }
 
 func TestContainer_ID(t *testing.T) {
diff --git a/session/object_test.go b/session/object_test.go
index 578d794c..6c5b427e 100644
--- a/session/object_test.go
+++ b/session/object_test.go
@@ -529,7 +529,7 @@ func TestObject_LimitByObjects(t *testing.T) {
 }
 
 func TestObject_InvalidAt(t *testing.T) {
-	testInvalidAt(t, new(session.Object))
+	testValidAt(t, new(session.Object))
 }
 
 func TestObject_ID(t *testing.T) {