Abstract: A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).