--- title: "What is MFA device attestation, self-attestation, and the attestation ID, response, and type? What does the binary response from a U2F device include?" slug: "what-is-mfa-device-attestation-including-self-attestation-and-the-attestation-id-response-and-type-what-does-the-binary-response-from-a-u2f-device" updated: 2026-03-16T17:31:57Z published: 2026-03-16T17:31:57Z canonical: "support.fortanix.com/what-is-mfa-device-attestation-including-self-attestation-and-the-attestation-id-response-and-type-what-does-the-binary-response-from-a-u2f-device" --- > ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # What is MFA device attestation, self-attestation, and the attestation ID, response, and type? What does the binary response from a U2F device include? In Fortanix-Data-Security-Manager (DSM), MFA (Multi-Factor Authentication) device attestation is the process of validating the authenticity and integrity of a hardware authenticator. During attestation, the device provides an *attestation object*, which includes a certificate signed by an attestation private key embedded within the device. This certificate proves the device's origin and manufacturer. In the case of **self-attestation**, the authenticator dynamically generates a key pair and signs the attestation statement using the newly created private key, rather than a manufacturer-issued attestation key. The binary response from a U2F (Universal 2nd Factor) device typically includes: - The **public key** - A **key handle** - The **attestation certificate** - A **digital signature** These components together help the relying party (for example, a security service) verify the legitimacy of the device during registration. Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.