Title of invention: Authenticating an entity and/or a transaction with the entity to a service provider
Abstract: An entity (D) is authenticated to a service provider (C) and/or a transaction is authorized with the entity (D) to the service provider (C) over a small bandwidth channel. The entity (D) pre-computes an identity proof (IDP) dependent on identity information (CERTu) and a policy (Pc) of the service provider (C). The identity proof (IDP) is transmitted to a transaction authorization service (T). Alternatively, the entity (D) pre-computes the identity proof (IDP) by interacting with the transaction authorization service (T). A primary transaction code (TAN) is determined and transmitted to the entity (D). The entity (D) computes a secondary transaction code (A) dependent on the primary transaction code (TAN) and transmits it to the service provider (C). The secondary transaction code (A) is transmitted to the transaction authorization service (T). The secondary transaction code (A) is validated dependent on the primary transaction code (TAN). The transaction authorization service (T) transmits the pre-computed identity proof (IDP) and/or validation information dependent on a validation result of the validation to the service provider (C). The arrangement allows an anonymous authentication with a service provider using zero-knowledge proof.
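Publication number: GB2462012(A) Publication date: 2010.01.27
Application number: GB20090015404 Filing date: 2009.09.04
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors: THOMAS GROSS; JAN CAMENISCH
Classification: H04L29/06; H04L9/32 Main classification: H04L29/06
Agency: Agent:
Main claim:
Address: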