go to NIST home page go to Division/CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home pageCSRC and computer security division home page link
header image with links

KBA Home

Agenda & Presentations

CSRC Homepage

Search CSRC

KBA Program Header image

Knowledge Based Authentication: Is It Quantifiable?

February 9-10, 2004

National Institute of Standards and Technology (NIST) - Gaithersburg, MD
Green Auditorium, Administration Building (101)

Knowledge based authentication (KBA) offers several advantages to traditional (conventional) forms of e-authentication like passwords, PKI and biometrics. KBA is a particularly useful tool to remotely authenticate individuals who conduct business electronically with Federal agencies or businesses infrequently. In these situations, other authentication tools such as passwords and PKI certificates can be expensive to administer for the application provider and difficult to use for the remote individual. By successfully participating in a series of KBA challenge-response queries, the identity of an individual can be established without delay. However, the complexity and interdependencies of KBA solutions used make it difficult to quantify the level of assurance that a remote user is who he claims to be. NIST is hosting this symposium to help identify standard authentication metrics that can be applied to KBA tools and solutions.

Topics to be discussed include:
  • Terminology and Components of KBA systems
  • User Requirements for KBA solutions
  • Information Source Metrics
  • Challenge-Response Metrics
  • Analysis and Scoring Metrics
  • Standard Metrics for KBA



Last updated: February 16, 2006
Page created: October 27, 2003

Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to sara@nist.gov
NIST is an Agency of the U.S. Commerce Department's
Technology Administration