Attested

Full Title or Meme

A statement is Attested if some Trusted Third Party can create a Validated Claim about a User Device used during either Authentication or Authorization.

The Context in which an Attestation of Security applies is typically during the Validation of the security protection provided to User secrets (such as Credentials) on a User Device.

When a secure operation is performed at a user location, the packet returned from that User Device needs to be trusted by the Site that receives it.
The signing key for that packet from a User Device will have a certificate that binds that signing key to a particular device.
If the device reports a serial number, or (equivalently) a public key that is unique that that device, that can be used as a tracking number for the owner of the device.
In 1999 Intel started to ship Pentium Processors with a serial number that created huge public outcry about the privacy implications. They backtracked a lot from their original assertions about security an privacy with a Q&A for their OEMs to address the issues.^[1] No company has tried putting a serial number in processors since then.

The certificate for the signing key from the User Device, and potentially the configuration information from the device, will need to be Attested by some Trusted Third Party.
It is recommended that a large number (ca 100,000) devices be equipped with the same public key to avoid privacy concerns.^[2] Then the public key is basically the Identifier for the category of User Device.
Attestation can be complex for programmable computers, or simple for one function User Devices like Security Tokens.
An example of a single attestation program with associated metadata is described in the FIDO web site.
When a simple certificate is used, it typically is accompanied by a metadata statement, an example is this one at Yubico.