Many software publishers digitally “sign” the files or applications that they create or publish in order to demonstrate the authenticity of such files and applications. For example, a software publisher may digitally sign a file by encrypting a checksum or hash of the file using a public-key cryptographic system, thereby enabling recipients to verify both that the file was created by the publisher and that it has not been altered since leaving the publisher's possession.
Because malicious or unscrupulous individuals or entities may attempt to pose as respected software publishers when distributing files, a software publisher may also obtain a digital certificate from a well-known or trusted certificate authority and include that certificate within all files that it subsequently publishes. The certificate certifies that files signed by the publisher in fact originated from the publisher in question. Digital certificates, which are typically digitally signed by a trusted certificate authority using the certificate authority's private cryptographic key, attest that a particular public key belongs to an identified entity, thereby enabling recipients to verify that a digitally signed file in fact originated from that entity.
Unfortunately, current digital certificates fail to convey any useful information above and beyond the identity of the entity (or entities) that digitally signed the file in question. Moreover, because software publishers typically sign all files that they publish using the same digital certificate, if a certificate authority or software publisher ever needs to revoke a digital certificate, then all files that have been digitally signed using this digital certificate are also treated as revoked, even if only a single file signed using this digital certificate necessitated the revocation event. Accordingly, the instant disclosure identifies and addresses a need for improved systems and methods for generating and providing digital certificates.
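The following added example (not part of the disclosure, and not a description of any actual product) models the chain described above in a few lines of Python: a certificate authority signs a certificate binding a publisher's name to its public key, the publisher signs several files with that one certificate, and a verifier checks the certificate, a revocation list, and the file signature in turn. Everything in it is constructed for illustration: the "RSA" is textbook RSA over fixed Mersenne primes with the hash truncated to fit the modulus (adequate to show the mechanics, nothing more), and the serial number, publisher name and file contents are invented. It reproduces the granularity problem the paragraph above describes: once the shared certificate's serial is revoked, every file signed under it fails verification, regardless of which file prompted the revocation.

```python
"""Toy model of code signing with a CA-issued certificate and a revocation list.

Added example; constructed data and textbook RSA only, not a real signing library.
"""
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy key pairs

# Fixed Mersenne primes so the example runs with the standard library alone;
# real code signing uses proper key generation, never fixed textbook-RSA primes.
CA_PRIMES = (2**61 - 1, 2**89 - 1)
PUBLISHER_PRIMES = (2**107 - 1, 2**127 - 1)


def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys as ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest_int(data):
    """SHA-256 of the data, truncated to 128 bits so it is below every toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(private, data):
    """'Encrypt' the hash with the private key: the classic description of a signature."""
    n, d = private
    return pow(digest_int(data), d, n)


def verify(public, data, signature):
    """Recover the hash with the public key and compare it with a fresh hash of the data."""
    n, e = public
    return pow(signature, e, n) == digest_int(data)


@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    public_key: tuple  # (n, e) of the subject

    def to_be_signed(self):
        n, e = self.public_key
        return f"{self.serial}|{self.subject}|{n}|{e}".encode()


@dataclass(frozen=True)
class SignedFile:
    name: str
    content: bytes
    signature: int        # publisher's signature over the file content
    cert: Certificate     # publisher's certificate, shipped with the file
    cert_signature: int   # CA's signature over the certificate


def verify_file(ca_public, revoked_serials, f):
    """Return 'untrusted-certificate', 'revoked', 'bad-signature' or 'valid'."""
    if not verify(ca_public, f.cert.to_be_signed(), f.cert_signature):
        return "untrusted-certificate"
    if f.cert.serial in revoked_serials:
        return "revoked"
    if not verify(f.cert.public_key, f.content, f.signature):
        return "bad-signature"
    return "valid"


def demo():
    ca_public, ca_private = make_keypair(*CA_PRIMES)
    pub_public, pub_private = make_keypair(*PUBLISHER_PRIMES)

    # The CA issues one certificate binding the (invented) publisher name to its key.
    cert = Certificate(serial=1001, subject="Example Software Co.", public_key=pub_public)
    cert_sig = sign(ca_private, cert.to_be_signed())

    # The publisher signs every release with that same certificate (constructed files).
    files = [
        SignedFile(name, content, sign(pub_private, content), cert, cert_sig)
        for name, content in [
            ("installer.exe", b"installer bytes v1"),
            ("updater.exe", b"updater bytes v1"),
            ("driver.sys", b"driver bytes v1"),
        ]
    ]
    revoked = set()
    before = [verify_file(ca_public, revoked, f) for f in files]

    # One problematic release forces revocation of the shared certificate, and
    # every other file signed under it is now rejected as well.
    revoked.add(cert.serial)
    after = [verify_file(ca_public, revoked, f) for f in files]

    # Alteration of a file's content is still caught independently of revocation.
    tampered = SignedFile("installer.exe", b"installer bytes v1 (altered)",
                          files[0].signature, cert, cert_sig)
    return {"before": before, "after_revocation": after,
            "tampered": verify_file(ca_public, set(), tampered)}


if __name__ == "__main__":
    print(demo())
```

The verifier deliberately checks the revocation list after validating the certificate's own signature and before checking the file: a revoked certificate is rejected even when both signatures are mathematically sound, which is exactly why revocation keyed only on the certificate serial cannot distinguish the one offending file from the rest of the publisher's catalogue.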