Abstract
The invention relates to a method for authenticating a client (C) with respect to a service server (S), the method comprising the following steps: transmitting an authentication token (c) from an authentication server (K) to the client (C) (110); transmitting the authentication token (c) from the client (C) to the service server (S) (120); verifying the authentication token (c) by the service server (S) (130); and deciding on an approval or disapproval of the requested resource, taking a result of the verification by the service server (S) into consideration (140). An authentication server (K) for authenticating a client (C) with respect to a service server (S) comprises a cryptography device for cryptographically attaching the authentication token (c) to a secret (cid), which is shared between the client (C) and the authentication server (K). The invention further relates to a service server (S) for authenticating a client (C) with respect to the service server (S), wherein the service server (S) comprises an authentication token verifier for verifying whether the authentication token (c) was cryptographically attached to a secret (cid) shared between the client (C) and the authentication server (K).
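The following sketch of steps 110 to 140 is an added example, not taken from the patent, showing why attaching the token (c) to the secret (cid) makes a copied token useless on its own. It assumes an HMAC-SHA256 construction, a MAC key `KS_KEY` shared between K and S, a client that presents cid together with c, and a `resource|expiry.tag` token layout; the abstract specifies none of these, and all function names are hypothetical.

```python
import hashlib
import hmac
import time

# Assumption: K and S share this MAC key; the abstract does not say how S verifies.
KS_KEY = b"constructed-demo-key-shared-by-K-and-S"

def _tag(payload: bytes, cid: bytes) -> str:
    # Attach the token payload to the secret cid through its SHA-256 hash.
    bound = payload + b"|" + hashlib.sha256(cid).digest()
    return hmac.new(KS_KEY, bound, hashlib.sha256).hexdigest()

def issue_token(cid: bytes, resource: str, expires: int) -> str:
    """Authentication server K: create token c attached to cid (step 110)."""
    payload = f"{resource}|{expires}".encode()
    return payload.decode() + "." + _tag(payload, cid)

def verify_token(token: str, presented_cid: bytes, resource: str, now: int) -> bool:
    """Service server S: verify c (130) and decide on the resource (140)."""
    try:
        payload_text, tag = token.rsplit(".", 1)
        token_resource, expires_text = payload_text.rsplit("|", 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed token
    expected = _tag(payload_text.encode(), presented_cid)
    # Constant-time comparison avoids leaking how many tag characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # forged, altered, or attached to a different cid
    return token_resource == resource and now < expires

if __name__ == "__main__":
    now = int(time.time())
    cid = b"constructed-client-secret"                      # constructed sample value
    c = issue_token(cid, "/reports/q3", now + 300)          # 110: K -> C
    print(verify_token(c, cid, "/reports/q3", now))         # 120-140 with cid
    print(verify_token(c, b"guessed", "/reports/q3", now))  # copied token, no cid
```
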