"Such a "fingerprint" for a given piece of hardware would be most helpful to online gaming companies and the players. Heavy gamers tend to have high-end graphics cards and customized machines, so odds are they are accessing an online game, such as World of Warcraft from their own computer. This is a different situation than with a bank, which customers may access from a variety of machines such as their work computer or their personal laptop or even their smartphone.
An online gaming company would install the PUFFIN software on its servers. When a customer logged into the game, the software would scan the gamer's graphics card for its unique "fingerprint," and match it against the known fingerprint on file. If the log in name and password didn't match the fingerprint, the online gaming company could ask for additional authentication and if that didn't match, the company could block the user.
Iran's Military Hacks U.S. Stealth Drone
The PUFFIN system isn't perfect. While it isn't possible to duplicate the hardware, it might be possible to duplicate the small differences in behavior on the part of the card. That's still a subject for further research. It's also worth noting that the identification is of the machine being used; it says nothing about who is using it. So someone might access a person's World of Warcraft account using the account holder's computer, and it would still look legitimate.
The PUFFIN Project will run until 2015.
Via PUFFIN, Threatpost