In Fortanix Data Security Manager (DSM), MFA (Multi-Factor Authentication) device attestation is the process of validating the authenticity and integrity of a hardware authenticator. During attestation, the device provides an attestation object, which includes a certificate signed by an attestation private key embedded within the device. This certificate proves the device's origin and manufacturer.
In the case of self-attestation, the authenticator dynamically generates a key pair and signs the attestation statement using the newly created private key, rather than a manufacturer-issued attestation key.
The binary response from a U2F (Universal 2nd Factor) device typically includes:
- The public key
- A key handle
- The attestation certificate
- A digital signature
These components together help the relying party (for example, a security service) verify the legitimacy of the device during registration.