The PasskeyCredential data object manages the cryptographic credentials for the passwordless authentication of persons using passkey technology. It stores the public keys and unique credential identifiers that are used for biometric or hardware-based login. The data object is directly linked to individuals and provides a secure, modern alternative to conventional password authentication in various login processes.
Identification
| Property | Description |
| Users | Unique identifier of the user to whom this passkey authorization is assigned. Enables the clear assignment of authentication data to a specific user in the system. |
| Number of authentication processes | Counts the number of authentication processes performed with this passkey credential. This value increases with each successful login and is used for security monitoring to detect unusual usage patterns. |
| Authenticator device | Unique identifier of the authenticator device used to create the passkey authorization. This GUID identifies the type and manufacturer of the security device used and enables the hardware source to be traced for authentication purposes. |
| User-friendly name | A user-friendly name for the passkey that is used to easily identify and differentiate between several stored passkeys. This name is displayed in the user interface and helps to quickly find the desired passkey. |
| Type of authenticator | Specifies the type of authenticator used for passkey login, such as hardware token, smartphone or biometric device. This information helps to manage and differentiate between different login methods. |
| Transportation methods | Defines the supported transport methods for this passkey authorization, such as USB, NFC or Bluetooth. This information determines the connection methods via which the passkey can be used for authentication. |
| Time of use | Time of the last use of the passkey credential for authentication. This information is used to track activity and can be helpful for security checks or managing unused credentials. |
Certificate
Contains the cryptographic properties and security information of the passkey certificate, including public key and revocation status.
| Property | Description |
| Public key | The public key of the passkey credentials used for cryptographic verification of user authentication. This key enables secure identity verification without transmitting secret information. |
| Login key in Base64 | The unique identifier of the passkey enrolment key in Base64-encoded form. This identifier is used to securely assign and manage the biometric or device-based authentication data. |
| Cryptographic structure | The attestation format defines the cryptographic structure and the standard according to which the passkey authorization was created and validated. It determines how the authenticity and integrity of the passkey is technically verified. |
| Revoke at | Time at which the passkey authorization was revoked and thus became invalid for authentications. Remains empty as long as the authorization is active and usable. |
| Revoked by | Indicates which user or system has revoked the passkey authorization. This field documents the responsibility for security measures and enables access changes to be tracked. |
Administration
Contains administrative settings and configuration options for passkey credentials, including backup management and health monitoring.
| Property | Description |
| Backup allowed? | Specifies whether the passkey authorization is suitable for backup procedures and can therefore be restored on other devices. This setting determines the portability of the authentication data between different end devices. |
| Backup status | Indicates whether the passkey credential is in a backup state. Indicates credentials that have been created or restored as a backup copy to ensure authentication even in the event of device loss. |
