Abstract
The invention refers to a method for authenticating a user (U) when logging in at an online service (OS), where the online service (OS) is provided by a server arrangement and the method is based on a communication between the online service (OS) and a primary device (PD) and between the online service (OS) and a secondary device (SD), the method comprising the following steps: a) a user identification (ID) specified by the user (U) at the secondary device (SD) and not including any credential is received by the online service (OS); b) an authentication request (ARE) is transmitted by the online service (OS) to the primary device (PD) where the primary device (PD) is associated with the user identification (ID); c) an authentication response (ARS) comprising at least one credential (CR) is transmitted by the primary device (PD) to the online service (OS), where the at least one credential (CR) originates from a storage in the primary device (PD) and is only transmitted through the authentication response (ARS) upon a successful local authentication of the user (U) at the primary device (PD) or where the at least one credential (CR) is specified by the user (U) at the primary device (PD); d) in case of a successful verification of the at least one credential (CR) by the online service (OS), the user (U) is logged in at the online service (OS) and a confirmation (CON) of the login is sent to the secondary device (SD).
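
The message flow of steps a) to d), simulated in-process as an added sketch that is not taken from the patent. Assumptions: a PIN stands in for the local authentication at the PD, the OS verifies CR against a salted PBKDF2 hash, a single-use `request_id` binds each ARS to its ARE, and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

class PrimaryDevice:
    """PD: stores CR and releases it only after local user authentication."""
    def __init__(self, credential, local_pin):
        self._cr, self._pin = credential, local_pin

    def handle_request(self, are, entered_pin):
        # Step c: no ARS (and therefore no CR) unless the local check succeeds.
        if not hmac.compare_digest(entered_pin, self._pin):
            return None
        return {"type": "ARS", "request_id": are["request_id"], "credential": self._cr}

class OnlineService:
    def __init__(self):
        # users: ID -> (salt, credential hash, associated PD); pending: request_id -> ID
        self.users, self.pending = {}, {}

    @staticmethod
    def _hash(salt, credential):
        return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)

    def enroll(self, user_id, credential, pd):
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, self._hash(salt, credential), pd)

    def start_login(self, user_id):
        # Steps a+b: the SD supplied only the ID; the ARE goes to the PD bound to it.
        if user_id not in self.users:
            return None
        are = {"type": "ARE", "request_id": secrets.token_hex(16)}
        self.pending[are["request_id"]] = user_id
        return are

    def finish_login(self, ars):
        # Step d: verify CR. Popping request_id (assumed nonce) rejects a replayed ARS.
        user_id = self.pending.pop(ars["request_id"], None) if ars else None
        if user_id is None:
            return {"type": "CON", "logged_in": False}
        salt, stored, _ = self.users[user_id]
        ok = hmac.compare_digest(stored, self._hash(salt, ars["credential"]))
        return {"type": "CON", "logged_in": ok}

def login(service, user_id, entered_pin):
    """Run steps a-d and return the CON message the SD would receive."""
    are = service.start_login(user_id)
    if are is None:
        return {"type": "CON", "logged_in": False}
    ars = service.users[user_id][2].handle_request(are, entered_pin)
    return service.finish_login(ars)
```

The secondary device never handles the credential in this flow: it submits the ID and receives only the CON result.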