

Device Locking

The Device Locking feature binds an ArcotID PKI to a specific machine, so that the ArcotID PKI is unusable if it is copied to another machine.

The feature works by camouflaging (protecting) the ArcotID PKI with a password that has two components:

  1. The password selected by the user when the ArcotID PKI is issued.
  2. A Machine PIN, derived from unique machine-specific information taken from the hardware characteristics of the client machine.

When device locking is enabled, the ArcotID PKI is cryptographically camouflaged twice, once with the user password and once with the Machine PIN.

Device locking is applied at the time the ArcotID PKI is downloaded to the user's machine. Once the ArcotID PKI is locked to that machine, it is not usable if it is copied to another machine, because the Machine PIN derived on the other machine does not match the one used to camouflage it.

Typically, when device locking is enabled, the server does not enable roaming of the ArcotID PKI, so the user cannot download the ArcotID PKI to another machine. If both roaming and device locking are enabled on the server, the ArcotID PKI is device locked separately on each machine to which it is downloaded.
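The following is an added illustrative model of the two-layer protection described above and of the roaming case (one locked copy per machine). It is example code, not CA/Arcot's implementation: the Machine PIN derivation (a hash of sorted hardware attributes), the KDF (PBKDF2-HMAC-SHA256) and the XOR-based camouflage are stand-ins for the proprietary scheme, and the hardware attributes, private key and salt are constructed sample data. What it preserves is the structure the text describes: a user-password layer, a Machine-PIN layer, and no "wrong PIN" error on a foreign machine, so the client cannot tell a copied ArcotID PKI is useless until a signature check against the issued public key fails.

```python
"""Illustrative model of ArcotID PKI device locking (added example, not Arcot code)."""
import hashlib

# Constructed hardware attributes for two machines (sample data, not real devices).
MACHINE_A = {"cpu_id": "GenuineIntel-906EA", "disk_serial": "WD-WX11A23", "mac": "3c:52:82:aa:bb:cc"}
MACHINE_B = {"cpu_id": "AuthenticAMD-870F10", "disk_serial": "ST-ZA1Q2W3", "mac": "00:1a:2b:cc:dd:ee"}

# Constructed private key material and a salt fixed at issuance (sample data).
PRIVATE_KEY = bytes(range(32))
ISSUANCE_SALT = b"arcotid-issuance-salt-0001"


def machine_pin(attributes: dict) -> bytes:
    """Derive a Machine PIN from hardware characteristics (assumed derivation).

    Attributes are canonicalised in sorted order so the same machine always
    yields the same PIN; any attribute change yields a different PIN.
    """
    canonical = "\n".join(f"{k}={attributes[k]}" for k in sorted(attributes))
    return hashlib.sha256(canonical.encode()).digest()


def camouflage(data: bytes, secret: bytes, label: bytes) -> bytes:
    """Mask 'data' with a keystream derived from 'secret' (modelled on camouflage).

    There is deliberately no integrity tag: any secret 'decrypts' to plausible
    key bytes. XOR is its own inverse, so one call both applies and removes a layer.
    """
    stream = hashlib.pbkdf2_hmac("sha256", secret, ISSUANCE_SALT + label, 50_000, dklen=len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def lock_arcotid(private_key: bytes, password: str, attributes: dict) -> bytes:
    """Camouflage twice: first with the user password, then with the Machine PIN."""
    layer1 = camouflage(private_key, password.encode(), b"user-password")
    return camouflage(layer1, machine_pin(attributes), b"machine-pin")


def unlock_arcotid(locked: bytes, password: str, attributes: dict) -> bytes:
    """Remove both layers using the PIN derived on the current machine.

    Never raises: a wrong Machine PIN or password just produces different key
    bytes, which only a signature check against the issued public key exposes.
    """
    layer1 = camouflage(locked, machine_pin(attributes), b"machine-pin")
    return camouflage(layer1, password.encode(), b"user-password")


def lock_for_roaming(private_key: bytes, password: str, machines: dict) -> dict:
    """Roaming with device locking: each download is locked to its own machine."""
    return {name: lock_arcotid(private_key, password, attrs) for name, attrs in machines.items()}


if __name__ == "__main__":
    locked = lock_arcotid(PRIVATE_KEY, "correct horse", MACHINE_A)
    print(unlock_arcotid(locked, "correct horse", MACHINE_A) == PRIVATE_KEY)  # True
    # Same blob copied to machine B: same length, no error, wrong key.
    print(unlock_arcotid(locked, "correct horse", MACHINE_B) == PRIVATE_KEY)  # False
```

The practical consequence for a deployment is the last line: a copied ArcotID PKI does not fail loudly on the second machine, so any verification that "device locking works" must be done by attempting an authentication with the copied credential, not by inspecting the file.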