摘要 |
The invention relates to a method (20) for accessing a service. According to the invention, a device (12) and a server (16) access at least one transaction application key. The method comprises the following steps. A terminal (14) gets an identifier (22) relating to the device. The terminal sends to the server the device identifier (24). The server verifies (25) whether the device identifier is or is not authorized to access the service. Only if the device identifier is authorized to access the service, then the server sends to the device a transaction identifier and at least one transaction parameter (26). The device requests a device user to enter data (28). The device user enters data (210). The device generates (212) a response by using a predetermined transaction algorithm, the entered data, the at least one transaction application key and the at least one transaction parameter. The device sends to the server a transaction request accompanied with the transaction identifier and the response (214). The server verifies (215) whether the response does or does not match an expected result relating to the transaction. Only if the response does match the expected result, then the server authenticates the device user and the device and the server authorizes (216, 218) the transaction. The invention also relates to corresponding server, device and system. |