This is an old revision of the document!
Table of Contents
Summary
To prevent a key from being checked out, then copied, the key is fingerprinted with various pieces of system information. These fingerprint values are later checked to make sure that the system currently running is largely the same as it was before. Some changes are allowed, in case the user needs to update parts of their hardware (memory, disk, etc). Some of the parameters (listed in the next section) are not appropriate for all platforms. The selection of platform parameters is dependent upon the actual tamper resistance detection implementation.
Parameters
| Parameter | Weight | Notes |
| Mac Address | Retrievable in Java 6 | |
| CPU Id | ||
| EIN Number | ||
| System Clock | 0 | Not used for system finger printing, check to make sure clock was not set back. |
| # Processors | 5 |
Solo parameters
| Hard Drive Format Serial | 4 |
| MAC Address of Network Interface Card (NIC) | 9 |
| Windows Product ID | 4 |
| Bios Revision Number/Date | 3 |
| Computer Name | 1 |
| Processor Information | 9 |
| Processor Speed | 3 |
| Memory Size | 2 |
| SID | 4 |
| Video Card | 4 |
| Hard Drive Model | 9 |
| Hard Drive Serial | 9 |
| Motherboard Model | 9 |
| Motherboard Serial | 9 |
| CD/DVD Drive | 3 |
| Sound Card | 4 |
| Domain | 6 |
Key Tamper Detection
It is possible that the user may attempt to tamper with the stored version of the key. To reduce this possibility, the contents of the key are cryptographically signed. When the key is read in from storage, the contents are again signed and the two signatures are compared. If the signature is different, the assumption is that the key has been tampered with. After a positive tamper event, the key will no longer work.
