Systems and methods for identifying code signing certificate misuse
Abstract
A computer-implemented method for identifying code signing certificate misuse may include (1) identifying a software file that has been signed using a code signing certificate, (2) identifying a software publisher that is identified by the code signing certificate used to sign the software file, (3) obtaining a reputation score for the software file that indicates a trustworthiness of the software file independently of the code signing certificate, and (4) providing, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised. Various other methods, systems, and computer-readable media are also disclosed.
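The four steps of the abstract can be sketched as a small pipeline. This is an added example, not code from the patent or its assignee. The record fields, the 0-100 score scale, the threshold, the in-memory stand-in for the centralized database, and the choice to skip files whose signature does not verify are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed scale: 0 = known bad, 100 = known good. The page defines neither
# a scale nor a threshold.
LOW_REPUTATION = 20

@dataclass(frozen=True)
class SignedFile:
    sha256: str            # file identity, used as the reputation key
    publisher: str         # publisher named in the code signing certificate
    cert_serial: str       # serial number of the signing certificate
    signature_valid: bool  # result of signature verification (assumed field)

# Constructed stand-in for the centralized file reputation database.
REPUTATION_DB = {"aa" * 32: 95, "bb" * 32: 5, "cc" * 32: 12,
                 "dd" * 32: 88, "ff" * 32: 3}

# Constructed sample of signed files seen on client devices.
FILES = [
    SignedFile("aa" * 32, "Example Software Ltd", "01AB", True),
    SignedFile("bb" * 32, "Example Software Ltd", "01AB", True),
    SignedFile("cc" * 32, "Example Software Ltd", "01AB", True),
    SignedFile("dd" * 32, "Other Vendor Inc", "77F0", True),
    SignedFile("ee" * 32, "Other Vendor Inc", "77F0", True),   # not in the DB
    SignedFile("ff" * 32, "Other Vendor Inc", "77F0", False),  # bad signature
]

def find_misuse(files, reputation_db, threshold=LOW_REPUTATION):
    """Group validly signed, low-reputation files by (publisher, cert serial)."""
    reports = defaultdict(list)
    for f in files:
        if not f.signature_valid:
            continue  # assumption: a broken signature is not evidence of key misuse
        score = reputation_db.get(f.sha256)  # looked up by file, not by certificate
        if score is not None and score < threshold:
            reports[(f.publisher, f.cert_serial)].append((f.sha256, score))
    return dict(reports)

def publisher_notice(publisher, serial, hits):
    """Build the text sent to the publisher named in the certificate."""
    lines = [f"To: {publisher}",
             f"Certificate {serial} signed {len(hits)} low-reputation file(s):"]
    lines += [f"  sha256={h} score={s}" for h, s in hits]
    return "\n".join(lines)

if __name__ == "__main__":
    for (pub, serial), hits in find_misuse(FILES, REPUTATION_DB).items():
        print(publisher_notice(pub, serial, hits))
```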
20 Claims
1. A computer-implemented method for identifying code signing certificate misuse, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a software file that has been signed using a code signing certificate;
- identifying a software publisher that is identified by the code signing certificate used to sign the software file;
- obtaining a reputation score for the software file by querying a centralized database comprising a plurality of file reputations, wherein:
  - the reputation score indicates a trustworthiness of the software file independently of the code signing certificate;
  - the reputation score is based on information that is collected in the course of conducting malware scans of client devices and sent to the centralized database;
- providing, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for identifying code signing certificate misuse, the system comprising:
- an identification module that identifies a software file that has been signed using a code signing certificate;
- a publisher identification module that identifies a software publisher that is identified by the code signing certificate used to sign the software file;
- a reputation module that obtains a reputation score for the software file by querying a centralized database comprising a plurality of file reputations, wherein:
  - the reputation score indicates a trustworthiness of the software file independently of the code signing certificate;
  - the reputation score is based on information that is collected in the course of conducting malware scans of client devices and sent to the centralized database;
- a reporting module that provides, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised;
- at least one processor configured to execute the identification module, the publisher identification module, the reputation module, and the reporting module.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a software file that has been signed using a code signing certificate;
- identify a software publisher that is identified by the code signing certificate used to sign the software file;
- obtain a reputation score for the software file by querying a centralized database comprising a plurality of file reputations, wherein:
  - the reputation score indicates a trustworthiness of the software file independently of the code signing certificate;
  - the reputation score is based on information that is collected in the course of conducting malware scans of client devices and sent to the centralized database;
- provide, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised.

Dependent claims: 20
Specification