The invention provides a method for frequent verifications of the identity of a user performed during a long session of client-server communication by secure exchange of keys between the client and the server. A user is represented at the server by a set of random numbers that have nothing to do with his biometric data. The server initiates authentication requests by sending encoded randomly generated permutation to the client. On each request, the client creates a dynamic response key built by using the decoded permutation and biometric data of the user so that this biometric data cannot be retrieved from the key. The key also includes the correlation coefficient between the sound of the user's breathing and the distance between the most outer sides of the wings of his nose and the correlation coefficient between the area of the user's pupil and the brightness of his computer screen.