A conventional software lockbox mechanism senses operating platform parameters (e.g., a particular hostname, a particular network address, etc.) in its environment, and then securely stores information in encrypted form. The lockbox mechanism then decrypts the stored information only if the lockbox mechanism continues to sense the same operating platform parameters.
Accordingly, if the lockbox mechanism is copied to another platform (e.g., an attacker clones the lockbox mechanism), the copy running on the attacker's platform senses different operating platform parameters and therefore will not decrypt the stored information.
With the above-described lockbox mechanism in place, applications are able to store sensitive data in the lockbox mechanism via function calls to the lockbox mechanism. For example, an application can store credentials, which the application requires in order to participate in an information exchange with a server, in the lockbox mechanism.
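The behavior described above, sketched as an added example (not code from the original text or from any lockbox product): a stored credential is sealed under a key derived from the sensed platform parameters and is released only when the same parameters are sensed again. The function names, the parameter dictionary, the blob layout and the sample values are assumptions, and the SHAKE-256 keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os

class PlatformMismatch(Exception):
    """Sensed parameters differ from those at sealing time, or the blob was altered."""

def _keys(params: dict, salt: bytes) -> tuple[bytes, bytes]:
    # Canonicalise the sensed parameters so dict ordering cannot change the key.
    material = "\n".join(f"{k}={params[k]}" for k in sorted(params)).encode()
    okm = hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=64)
    return okm[:32], okm[32:]          # (encryption key, MAC key)

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream: a stdlib stand-in for a real AEAD such as AES-GCM.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(params: dict, secret: bytes) -> bytes:
    # Hypothetical blob layout: salt(16) | nonce(16) | tag(32) | ciphertext
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(params, salt)
    ct = _xor_stream(enc_key, nonce, secret)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

def unseal(params: dict, blob: bytes) -> bytes:
    if len(blob) < 64:
        raise PlatformMismatch("blob too short")
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _keys(params, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # verify before decrypting
        raise PlatformMismatch("platform parameters changed or blob modified")
    return _xor_stream(enc_key, nonce, ct)

def demo() -> dict:
    origin = {"hostname": "app01.example.internal", "ip": "192.0.2.10"}   # constructed
    clone = {"hostname": "copy.example.internal", "ip": "198.51.100.7"}   # constructed
    blob = seal(origin, b"svc-user:constructed-password")
    result = {"origin": unseal(origin, blob)}
    try:
        unseal(clone, blob)
        result["clone"] = "decrypted"
    except PlatformMismatch:
        result["clone"] = "refused"
    return result

if __name__ == "__main__":
    print(demo())
```

In this sketch the key depends only on the sensed values and a stored salt; no other secret is mixed in.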