First, biometric. I have to prove to my iPad that it’s actually me doing this signing. Second, the device integrity. Including the SIM card and the configuration on the device needs to be rechecked so that it can be sure that it has not been taken over.