NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Entity Authentication Using Public Key Cryptography

Published

Author(s)

National Institute of Standards and Technology (NIST), James Foti

Abstract

[Withdrawn October 19, 2015] This standard specifies two challenge-response protocols by which entities in a computer system may authenticate their identities to one another. These may be used during session initiation, and at any other time that entity authentication is necessary. Depending on which protocol is implemented, either one or both entities involved may be authenticated. The defined protocols are derived from an international standard for entity authentication based on public key cryptography, which uses digital signatures and random number challenges. Authentication based on public key cryptography has an advantage over many other authentication schemes because no secret information has to be shared by the entities involved in the exchange. A user (claimant) attempting to authenticate oneself must use a private key to digitally sign a random number challenge issued by the verifying entity. This random number is a time variant parameter which is unique to the authentication exchange. If the verifier can successfully verify the signed response using the claimant's public key, then the claimant has been successfully authenticated.
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 196
Report Number
196
NIST Pub Series
Federal Inf. Process. Stds. (NIST FIPS)
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

access control, authentication, challenge-response, computer security, cryptographic modules, cryptography, Federal Information Processing Standard (FIPS), telecommunications security
Federal information processing standards (FIPS) and Cybersecurity and privacy

Citation

(NIST), N. and Foti, J. (1997), Entity Authentication Using Public Key Cryptography, Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=901429 (Accessed October 12, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created February 18, 1997, Updated July 25, 2024
Was this page helpful?