The thing is with keys alone you're not proving that data was created by an _device_. But rather, just by a key. That by itself doesn't mean anything. To actually prove something about a device is a difficult key validation problem.
Discussion
I really appreciate your reply.
I was thinking about it as the device fingerprint being essentially the seed for the key but I can see how that could be an issue if you cannot guarantee uniqueness of the seed, or if the private key is compromised (or can't be proven that it was never compromised), spoofing a device fingerprint, etc.
Anyway, I won't take more of your time but I like learning what I can. Have a good one! 👍