**4. The framework**

This section describes the decision framework constructed through the knowledge base acquired by using the methodologies presented above. It has been given the name of Kontun framework, which means "to enter foreign property" in Mapudungún, an indigenous language from Chile, which is what it aims to prevent. **Table 8** shows a summary of the main findings during the knowledge base gathering and their origin (either the SLR or the S&I).

A summary of the constructed framework's characteristics is provided next. A complete description can be found in [26].

First, the framework considers a number of criteria obtained from the knowledge base, divided among the three most observed categories: security, usability, and costs. Each criterion is then given distinct possible importance values and a weight based on the findings from the knowledge base. To illustrate the above


#### **Table 8.**

*Summary of the acquired knowledge base.*

*Multifactor Authentication Methods: A Framework for Their Comparison and Selection DOI: http://dx.doi.org/10.5772/intechopen.89876*

criterion, **Table 9** shows the usability-related criteria, their importance values, and their weights.

Every criterion has two or more importance values between 20 and 100, and the sum of all the weights of the criteria belonging to the same category is 100%. In this manner, when using the framework, a person must select the importance values that best describe their application and then calculate the average values of security (S), usability (U), and costs (C) using the following equations:

$$S = \sum\_{\text{for each criterion of } S} \text{AsscessmentValue} \ast \text{CriticalWeight} \tag{1}$$

$$U = \sum\_{\text{for each criterion of } U} \text{AsscessmentValue} \ast \text{Critical Weight} \tag{2}$$

$$C = \sum\_{\text{for each criterion of } C} \text{AsscessmentValue} \ast \text{Critical Weight} \tag{3}$$

The framework also considers a number of common contexts identified through the knowledge base. These contexts were given distinct weights based on the importance of security and usability in the context itself. Here, a term known as the security/usability value (SUV) is presented. The knowledge base allowed to ascertain the fact that, generally, the more secure an authentication scheme or method is, it has a lower usability and vice-versa. The SUV is used to denotate this. Based on the calculated average values of S, U, and C, coupled with the selected application context (Ct), the SUV is calculated as follows:

$$SUV = A \ast S + B \ast (100 - U) \tag{4}$$

A and B are constants defined based on the importance given to S and U, respectively, in the selected context. A high SUV value thus indicates that more

