Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.

Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.

Abstract: A method for deploying credentials in a server and a client system including three devices. The second device has primary credentials including a public key, a private key and a primary certificate. After successful authentication of a user, the first device generates a new private key/public key pair and wraps the new private key. After successful authentication of the user, the second device derives a new certificate comprising the new public key, the new certificate having the same usage specified in the primary certificate. The second device signs the new certificate using the private key of the primary credentials. The third device forwards to the server the primary certificate and the new credentials combining the new public key, the wrapped private key and the new certificate. The server verifies the chain of trust of the new credentials and, in case of successful verification, associates the new credentials to the user.