Patent · US Active

Systems and methods for identifying code signing certificate misuse

US9338012B1 · kind B1 · utility

15Cited by

0References

20Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Alok Naik · Bengaluru, IN
Suhas Prakashkumar · Bengaluru, IN
Sreekanth Narayanan · Singapore, SG

Key dates

Filing date	Oct 4, 2013
Grant date	May 10, 2016
Priority date	—
Expiry date	Jun 17, 2034

Classification

Technology area (CPC H)Electricity
CPC primaryH04L9/3247
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A computer-implemented method for identifying code signing certificate misuse may include (1) identifying a software file that has been signed using a code signing certificate, (2) identifying a software publisher that is identified by the code signing certificate used to sign the software file, (3) obtaining a reputation score for the software file that indicates a trustworthiness of the software file independently of the code signing certificate, and (4) providing, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised. Various other methods, systems, and computer-readable media are also disclosed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.