Not with a 100% accuracy I must say. If you are a company developing products, you would have many different product and all of those products end up being signed using a single private key. So assuming that it only sends a company's public key for validation, it would still have to take a guess as to which product was downloaded.