Security token and method for authentication of a user with the security token

A security token comprises a personal data memory to store personalized data of an user as digital identity credentials (33, 34). An input appliance is used to allow checking of said personal data, preferably with an on board identity verification using 2- or 3-authentication factors. The token comprises a key record data memory (71, 75) to store a plurality of identity credentials initialized by a certification authority and possibly attributed to different service providers. It further comprises a transmitter and receiver unit for creating a secure channel directly or indirectly to an authentication server or application operator or certification authority to handle said key record (71, 75) relating to said authentication server. A control unit is provided to control the transmitter and receiver unit as well as the key record data memory (71, 75) in view of said handling, comprising an action from the group of interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. This enables the user to use federated identities in a highly secured environment, using biometric data to authenticate himself with the device, but without giving away such biometric data to third parties.