Hirsch Secure uTrust FIDO2 GOV Security Key (FIPS 140-3, NFC, FIDO2, U2F, WebAuthn, PIV, HOTP & PGP)
- FIPS 140-3 validated. Complies with the highest level of authenticator security, AAL3, as outlined in NIST SP800-63B guidelines.
- TAA Compliant and both contact via USB and contactless via NFC.
- SIMPLE AND SECURE: FIDO Alliance certified. The cryptographic security model of the device eliminates the risk of phishing, password theft, and replay attacks. The FIDO cryptographic keys are stored on-device and are unique for each website, meaning they cannot be used to track users across sites.
- The keys provide phishing-resistant MFA that meets Federal compliance and are perfect for today’s DOD and Civilian use cases.
- MULTI-PROTOCOL: Supports FIDO2, FIDO U2F, WebAuthn, PIV, HOTP & PGP enabling strong multi-factor authentication, removing the necessity for passwords.
- The uTrust Key Manager tool can be used to manage the FIDO2 PIN and for specific HOTP and PIV functionality.
- It is best practice to have at least 2 keys when registering your account. One is your primary key for everyday use, and one as a backup key in the event you misplace your primary key.
- Certifications | IP Rating IP68 | System/Standards FIDO Universal 2nd Factor (U2F), FIDO2 | Regulatory/Environmental FIPS 140-3, CE, FCC
Secure Access. Simplified Identity. Trusted by Governments and Enterprises.
TAA Compliant: Hirsch, a globally trusted brand with American roots, manufactures the uTrust FIDO GOV security key with a strong focus on user security in a TAA-approved region. - OR - Designed for federal and defense applications, ensuring compliance with government procurement standards.
- High Quality: IP68 rating with a conformal coating making it water and dust resistant, with no moving parts and no batteries.
- Extensive Ecosystem: Instantly deploy Google, Ping, Okta and more.
- Ease of Use: No battery or network connectivity is required, users simply insert the key and tap to authetnicate.
Product Overview
Key Features of Hirsch Secure uTrust FIDO2 GOV Security Keys
uTrust FIDO2 Gov Security Key – a FIPS 140-2 validated, FIDO2-certified hardware authenticator designed for high-security environments across public and private sectors. Engineered to meet the rigorous demands of federal agencies, military branches, healthcare providers, educational institutions, and tech innovators, this key offers fast, phishing-resistant, and passwordless login – all from a compact, tamper-proof device.
- Works With: ID.me, Login.gov (GSA), AWS Identity and Access Management (IAM), Salesforce.com, Microsoft Azure AD, Google Account, Microsoft Account, Okta, Ping, Duo Security, Facebook, X, Dropbox
- FIPS 140-3 validated. Complies with the highest level of authenticator security, AAL3, as outlined in NIST SP800-63B guidelines.
- Multi-Protocol: Supports FIDO2, FIDO U2F, WebAuthn, PIV, HOTP & PGP enabling strong multi-factor authentication, removing the necessity for passwords.
- CJIS-Compliant Authentication: Ideal for law enforcement, first responders, and military personnel, meeting strict security requirements for federal and public safety networks.
- Secure hundreds of applications with a single key
Trusted by Highly Regulated Industies
Federal Government and Military
Designed to meet stringent federal standards, including FIPS 140-2 and NIST guidelines, Hirsch FIDO2 Gov Keys are used for secure authentication into government systems, classified environments, and CAC/PIV-enabled infrastructure. They replace or supplement smart cards with faster, phishing-resistant, and passwordless login.
Ideal for Zero Trust Architecture (ZTA) and CMMC compliance initiatives.
- Department of Defense (DoD) authentication
- Secure SCIF access control systems
- Login to sensitive .gov portals and air-gapped environments
Technology
Hirsch FIDO2 Gov Keys protects developer accounts, production environments, and internal tools from phishing and account takeovers, Supporting secure SSH, VPN, and cloud logins with FIDO2 and WebAuthn compatibility. Enables passwordless, multi-factor authentication (MFA) across leading identity platforms like Okta, Azure AD, and Google Workspace.
- DevOps and Git access protection
- Secure cloud console logins (AWS, GCP, Azure)
- MFA for distributed remote teams and admin roles
Education
Hirsch Keys safeguard learning environments & research data, empowering IT teams and faculty to protect student records, LMS systems, and research IP. Streamline secure login for staff and researchers, even across federated systems while complying with FERPA and supports data protection in high-value research institutions.
- Authentication to campus-wide Single Sign-On (SSO) systems
- Secure access to cloud-hosted learning tools (Canvas, Blackboard)
- Identity verification for remote exam proctoring
Healthcare
Our FIDO2 Security Keys enable compliance-driven security for critical health systems. Enabling secure, passwordless login to EHR systems, PACS viewers, and healthcare SaaS platforms. Supports HIPAA compliance by ensuring strong identity security and minimizing human error and is compatible with shared workstation environments in clinics and hospitals.
- Two-factor login for EHR systems like Epic and Cerner
- Secure access to patient portals and telehealth platforms
- Role-based access control in multi-user clinical environments
Technical Specifications
Secure Element
Asymmetric Block Cipher
Hirsch Secure uTrust FIDO2 GOV Security Key (FIPS 140-3, NFC, FIDO2, U2F, WebAuthn, PIV, HOTP & PGP)
- FIPS 140-3 validated. Complies with the highest level of authenticator security, AAL3, as outlined in NIST SP800-63B guidelines.
- TAA Compliant and both contact via USB and contactless via NFC.
- SIMPLE AND SECURE: FIDO Alliance certified. The cryptographic security model of the device eliminates the risk of phishing, password theft, and replay attacks. The FIDO cryptographic keys are stored on-device and are unique for each website, meaning they cannot be used to track users across sites.
- The keys provide phishing-resistant MFA that meets Federal compliance and are perfect for today’s DOD and Civilian use cases.
- MULTI-PROTOCOL: Supports FIDO2, FIDO U2F, WebAuthn, PIV, HOTP & PGP enabling strong multi-factor authentication, removing the necessity for passwords.
- The uTrust Key Manager tool can be used to manage the FIDO2 PIN and for specific HOTP and PIV functionality.
- It is best practice to have at least 2 keys when registering your account. One is your primary key for everyday use, and one as a backup key in the event you misplace your primary key.
- Certifications | IP Rating IP68 | System/Standards FIDO Universal 2nd Factor (U2F), FIDO2 | Regulatory/Environmental FIPS 140-3, CE, FCC
Product Overview
Secure Access. Simplified Identity. Trusted by Governments and Enterprises.
TAA Compliant: Hirsch, a globally trusted brand with American roots, manufactures the uTrust FIDO GOV security key with a strong focus on user security in a TAA-approved region. - OR - Designed for federal and defense applications, ensuring compliance with government procurement standards.
- High Quality: IP68 rating with a conformal coating making it water and dust resistant, with no moving parts and no batteries.
- Extensive Ecosystem: Instantly deploy Google, Ping, Okta and more.
- Ease of Use: No battery or network connectivity is required, users simply insert the key and tap to authetnicate.
Key Features of Hirsch Secure uTrust FIDO2 GOV Security Keys
uTrust FIDO2 Gov Security Key – a FIPS 140-2 validated, FIDO2-certified hardware authenticator designed for high-security environments across public and private sectors. Engineered to meet the rigorous demands of federal agencies, military branches, healthcare providers, educational institutions, and tech innovators, this key offers fast, phishing-resistant, and passwordless login – all from a compact, tamper-proof device.
- Works With: ID.me, Login.gov (GSA), AWS Identity and Access Management (IAM), Salesforce.com, Microsoft Azure AD, Google Account, Microsoft Account, Okta, Ping, Duo Security, Facebook, X, Dropbox
- FIPS 140-3 validated. Complies with the highest level of authenticator security, AAL3, as outlined in NIST SP800-63B guidelines.
- Multi-Protocol: Supports FIDO2, FIDO U2F, WebAuthn, PIV, HOTP & PGP enabling strong multi-factor authentication, removing the necessity for passwords.
- CJIS-Compliant Authentication: Ideal for law enforcement, first responders, and military personnel, meeting strict security requirements for federal and public safety networks.
- Secure hundreds of applications with a single key
Trusted by Highly Regulated Industies
Federal Government and Military
Designed to meet stringent federal standards, including FIPS 140-2 and NIST guidelines, Hirsch FIDO2 Gov Keys are used for secure authentication into government systems, classified environments, and CAC/PIV-enabled infrastructure. They replace or supplement smart cards with faster, phishing-resistant, and passwordless login.
Ideal for Zero Trust Architecture (ZTA) and CMMC compliance initiatives.
- Department of Defense (DoD) authentication
- Secure SCIF access control systems
- Login to sensitive .gov portals and air-gapped environments
Technology
Hirsch FIDO2 Gov Keys protects developer accounts, production environments, and internal tools from phishing and account takeovers, Supporting secure SSH, VPN, and cloud logins with FIDO2 and WebAuthn compatibility. Enables passwordless, multi-factor authentication (MFA) across leading identity platforms like Okta, Azure AD, and Google Workspace.
- DevOps and Git access protection
- Secure cloud console logins (AWS, GCP, Azure)
- MFA for distributed remote teams and admin roles
Education
Hirsch Keys safeguard learning environments & research data, empowering IT teams and faculty to protect student records, LMS systems, and research IP. Streamline secure login for staff and researchers, even across federated systems while complying with FERPA and supports data protection in high-value research institutions.
- Authentication to campus-wide Single Sign-On (SSO) systems
- Secure access to cloud-hosted learning tools (Canvas, Blackboard)
- Identity verification for remote exam proctoring
Healthcare
Our FIDO2 Security Keys enable compliance-driven security for critical health systems. Enabling secure, passwordless login to EHR systems, PACS viewers, and healthcare SaaS platforms. Supports HIPAA compliance by ensuring strong identity security and minimizing human error and is compatible with shared workstation environments in clinics and hospitals.
- Two-factor login for EHR systems like Epic and Cerner
- Secure access to patient portals and telehealth platforms
- Role-based access control in multi-user clinical environments
Technical Specifications
| Host Interface | USB 2.0 and NFC |
| Secure Element Interface | FIDO2, FIDO/U2F, HOTP, PIV |
| Contactless Functionality | FIDO, PGP, Physical Access PIV |
| Supported Operating Systems | Windows 10/11, Windows Servers, macOS, Linux, ChromeOS, Android |
| Dimensions | 52 x 20 x 6 mm |
| Weight | 4 g |
| Operating Temperature Range | 0 °C to 40 °C (32 °F to 104 °F) |
| Storage Temperature Range | -20 °C to 85 °C (-4 °F to 185 °F) |
| Connector | USB Type C Connector |
| Status Indicator | Amber LED (FIDO); Green LED (PC/SC) Only over USB |
| Reading/Writing Cycles | 10 years minimum - 500.000 cycles minimum |
| API & Supported Standard | PKCS#11 v2.40, v3.0 PKCS#15 v1.1 Microsoft CSP (CryptoAPI) & KSP/CNG (Next Generation) Apple CTK (CryptoTokenKit) & TokenD X.509 v3, SSL v3, TLS1.3, IPSec |
| Supported Signing/Encryption | PKCS#1 v1.5, v2.1, RSA-OAEP, RSASSA-PSS |
| Secure Chip Management | PIN and PUK management |
| Organizational Security Policy | SSCD: Secure Signature Creation Device CGA: Certificate Generation Application SCA: Signature Creation Application NR: Non Repudiation |
| Supported Browsers | Chrome, Edge, Safari, Firefox |
Secure Element
| Name | JCOP4.5 P71D600 |
| Standard | FIPS 140-3 Level 3 |
| Symmetric Block Cipher | AES | Supports 128, 192, 256 bits |
| Hashing | SHA (Hashing) / ECDSA SHA | SHA1, SHA-224, SHA-256, SHA-384, SHA-512 |
Asymmetric Block Cipher
| RSA Key Generation | Generates up to 4096 bits |
| RSA Signature, cipher/decipher | Supports up to 4096 bits |
| ECC Key Generation | Generates up to 521 bits |
| ECC Signature | Supports up to 521 bits |