SYSTEM FOR REMOTELY AUTHENTICATING THE IDENTITY OF USERS BY MEANS OF NETWORK-BASED SMART CARDS

摘要

The invention relates to a system for remotely authenticating the identity of users by means of smart cards, comprising: a smart card (10) which provides a user authentication certificate (C.X.509.U_AUT), an access point (20) for the smart card, and a remote authentication server (30) for authenticating said smart card. According to the invention, the smart card (10) is configured as an independent authentication requester in order to respond to a stack of network protocols, in relation to which a remote, smart-card-controlled authentication mechanism is implemented, and the access point is configured as a network access server in order to act as an authentication intermediary (A) between the smart card and the remote authentication server. In response to a remote mutual authentication between the remote authentication server and the smart card, an end-to-end secure channel (40) is maintained using a session key (Ksk, KSA/eID) and defined between the smart card and the remote authentication server and the identity of the user is authenticated by means of said secure channel using the authentication certificate (C.X.509.U_AUT).